无法与Java建立TLS连接,我们会遇到一个奇怪的错误
我正在尝试使用Java连接到Rhapsody HL7服务器,但是在握手期间遇到了错误。这是StackTrace:
javax.net.ssl.SSLException: [Ljava.lang.String; cannot be cast to java.lang.String
at sun.security.ssl.Alert.createSSLException(Alert.java:133) ~[na:1.8.0_312]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:324) ~[na:1.8.0_312]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:267) ~[na:1.8.0_312]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:262) ~[na:1.8.0_312]
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1563) ~[na:1.8.0_312]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:441) ~[na:1.8.0_312]
at sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:813) ~[na:1.8.0_312]
at sun.security.ssl.SSLSocketImpl.access$200(SSLSocketImpl.java:73) ~[na:1.8.0_312]
at sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1175) ~[na:1.8.0_312]
at java.io.OutputStream.write(OutputStream.java:75) ~[na:1.8.0_312]
我创建了一个简单的测试用例,以确定为什么发生错误。下面的代码示例:
myKeystore = KeyStore.getInstance("JKS");
myTruststore = KeyStore.getInstance("JKS");
myKeystore.load(new FileInputStream(myKeystoreFilename), keyStorePassphrase); // this is a keystore with just the server public cert
myTruststore.load(new FileInputStream(myTruststoreFilename), trustStorePass); // this is the default java cacerts
SSLContext ctx = SSLContext.getInstance("TLSv1.2");
String algorithm = KeyManagerFactory.getDefaultAlgorithm(); // returns "SunX509" by default in 1.8
KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
kmf.init(myKeystore, privateKeyPassphrase);
TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
tmf.init(myTruststore);
TrustManager[] trustManagers = tmf.getTrustManagers();
KeyManager[] keyManagers = kmf.getKeyManagers();
ctx.init(keyManagers, trustManagers, new SecureRandom());
mySocketFactory = ctx.getSocketFactory();
SSLSocket sslsocket = (SSLSocket) mySocketFactory.getSocketFactory().createSocket(host, port);
InputStream in = sslsocket.getInputStream();
OutputStream out = sslsocket.getOutputStream();
String hello = "Hello World";
out.write(hello.getBytes());
while (in.available() > 0) {
LOGGER.debug("Incoming data stream :" + in.read());
}
在握手函数期间发送Hello World Text时,我可以看到错误是错误的,但是我看不到原因。
我还附上了TLS调试日志:
enter: [email protected]: keyStore = KeyStore([server_public_cert=CN=general.xxxxxxxxxxxx.id.electronichealth.net.au, O=Server Org, DC=xxxxxxxxxxxx, DC=id, DC=electronichealth, DC=net, DC=au]), password = [CENSORED]
: exit: [email protected]: keyStore = KeyStore([server_public_cert=CN=general.xxxxxxxxxxxx.id.electronichealth.net.au, O=Server Org, DC=xxxxxxxxxxxx, DC=id, DC=electronichealth, DC=net, DC=au]), password = [CENSORED] => null
: enter: [email protected]: args = KeyStore([verisignclass2g2ca [jdk]=OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US, digicertassuredidg3 [jdk]=CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US, verisignuniversalrootca [jdk]=CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US, tmaoca=CN=Test Medicare Australia Organisation Certification Authority, OU=Medicare Australia, O=GOV, C=AU, digicerttrustedrootg4 [jdk]=CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US, identrustpublicca [jdk]=CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US, utnuserfirstobjectca [jdk]=CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US, geotrustuniversalca [jdk]=CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US, digicertglobalrootg3 [jdk]=CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US, deutschetelekomrootca2 [jdk]=CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE, entrustrootcaec1 [jdk]=CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US, secomscrootca1 [jdk]=OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP, globalsignr2ca [jdk]=CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2, identrustdstx3 [jdk]=CN=DST Root CA X3, O=Digital Signature Trust Co., comodoeccca [jdk]=CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB, entrust2048ca [jdk]=CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net, addtrustexternalca [jdk]=CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE, globalsigneccrootcar4 [jdk]=CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4, digisigningcsp=[CN=general.8003630833412103.id.electronichealth.net.au, OU=Diginostic Pty Ltd, O=Diginostic Pty Ltd, DC=8003630833412103, DC=id, DC=electronichealth, DC=net, DC=au,CN=Medicare Australia Organisation Certification Authority, OU=Medicare Australia, O=GOV, C=AU,CN=Medicare Australia Root Certification Authority, OU=Medicare Australia, O=GOV, C=AU], usertrustrsaca [jdk]=CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US, digicertassuredidrootca [jdk]=CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US, digicertglobalrootg2 [jdk]=CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US, actalisauthenticationrootca [jdk]=CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT, digicertassuredidg2 [jdk]=CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US, swisssigngoldg2ca [jdk]=CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH, medicare australia org cert sha1=CN=Medicare Australia Organisation Certification Authority, OU=Medicare Australia, O=GOV, C=AU, entrustrootcag2 [jdk]=CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US, quovadisrootca2g3 [jdk]=CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM, utnuserfirstclientauthemailca [jdk]=CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US, securetrustca [jdk]=CN=SecureTrust CA, O=SecureTrust Corporation, C=US, camerfirmachambersca [jdk]=CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU, geotrustprimaryca [jdk]=CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US, identrustcommercial [jdk]=CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US, thawteprimaryrootcag3 [jdk]=CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US, buypassclass3ca [jdk]=CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO, verisigntsaca [jdk]=CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA, testmca=CN=Test Medicare Australia :6278034019, O=Medicare Australia, L=TUGGERANONG, ST=ACT, C=AU, verisignclass3g4ca [jdk]=CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US, baltimorecybertrustca [jdk]=CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE, luxtrustglobalrootca [jdk]=CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU, verisignclass3g2ca [jdk]=OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US, camerfirmachamberscommerceca [jdk]=CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU, soneraclass2ca [jdk]=CN=Sonera Class2 CA, O=Sonera, C=FI, affirmtrustnetworkingca [jdk]=CN=AffirmTrust Networking, O=AffirmTrust, C=US, northernhealthpubliccert=CN=general.8003620833375509.id.electronichealth.net.au, O=Northern Health, DC=8003620833375509, DC=id, DC=electronichealth, DC=net, DC=au, ttelesecglobalrootclass3ca [jdk]=CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE, xrampglobalca [jdk]=CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US, geotrustprimarycag3 [jdk]=CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US, camerfirmachambersignca [jdk]=CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU, thawteprimaryrootcag2 [jdk]=CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US, usertrusteccca [jdk]=CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US, certplusclass3pprimaryca [jdk]=CN=Class 3P Primary CA, O=Certplus, C=FR, swisssignsilverg2ca [jdk]=CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH, affirmtrustpremiumca [jdk]=CN=AffirmTrust Premium, O=AffirmTrust, C=US, globalsignca [jdk]=CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE, dtrustclass3ca2 [jdk]=CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE, affirmtrustcommercialca [jdk]=CN=AffirmTrust Commercial, O=AffirmTrust, C=US, letsencryptisrgx1 [jdk]=CN=ISRG Root X1, O=Internet Security Research Group, C=US, thawtepremiumserverca [jdk][email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA, comodoaaaca [jdk]=CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB, geotrustprimarycag2 [jdk]=CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US, globalsignr3ca [jdk]=CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3, thawteprimaryrootca [jdk]=CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US, quovadisrootca3 [jdk]=CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM, starfieldclass2ca [jdk]=OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US, starfieldrootg2ca [jdk]=CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US, verisignclass3ca [jdk]=OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US, affirmtrustpremiumeccca [jdk]=CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US, geotrustglobalca [jdk]=CN=GeoTrust Global CA, O=GeoTrust Inc., C=US, godaddyclass2ca [jdk]=OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US, godaddyrootg2ca [jdk]=CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US, verisignclass3g5ca [jdk]=CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US, quovadisrootca2 [jdk]=CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM, certumca [jdk]=CN=Certum CA, O=Unizeto Sp. z o.o., C=PL, medicare australia root cert sha2=CN=Medicare Australia Root Certification Authority, OU=Humanservices, O=GOV, C=AU, swisssignplatinumg2ca [jdk]=CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH, medicare australia root cert sha1=CN=Medicare Australia Root Certification Authority, OU=Medicare Australia, O=GOV, C=AU, chunghwaepkirootca [jdk]=OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW, quovadisrootca3g3 [jdk]=CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM, addtrustclass1ca [jdk]=CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE, quovadisrootca [jdk]=CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM, digicerthighassuranceevrootca [jdk]=CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US, quovadisrootca1g3 [jdk]=CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM, certplusclass2primaryca [jdk]=CN=Class 2 Primary CA, O=Certplus, C=FR, keynectisrootca [jdk]=CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR, comodorsaca [jdk]=CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB, buypassclass2ca [jdk]=CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO, secomscrootca2 [jdk]=OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP, verisignclass3g3ca [jdk]=CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US, certumtrustednetworkca [jdk]=CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL, entrustevca [jdk]=CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US, teliasonerarootcav1 [jdk]=CN=TeliaSonera Root CA v1, O=TeliaSonera, utnuserfirsthardwareca [jdk]=CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US, tmarca=CN=Test Medicare Australia Root Certification Authority, OU=Medicare Australia, O=GOV, C=AU, globalsigneccrootcar5 [jdk]=CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5, dtrustclass3ca2ev [jdk]=CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE, ttelesecglobalrootclass2ca [jdk]=CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE, starfieldservicesrootg2ca [jdk]=CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US, digicertglobalrootca [jdk]=CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US, addtrustqualifiedca [jdk]=CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE])
: exit: [email protected]: args = KeyStore([verisignclass2g2ca [jdk]=OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US, digicertassuredidg3 [jdk]=CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US, verisignuniversalrootca [jdk]=CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US, tmaoca=CN=Test Medicare Australia Organisation Certification Authority, OU=Medicare Australia, O=GOV, C=AU, digicerttrustedrootg4 [jdk]=CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US, identrustpublicca [jdk]=CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US, utnuserfirstobjectca [jdk]=CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US, geotrustuniversalca [jdk]=CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US, digicertglobalrootg3 [jdk]=CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US, deutschetelekomrootca2 [jdk]=CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE, entrustrootcaec1 [jdk]=CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US, secomscrootca1 [jdk]=OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP, globalsignr2ca [jdk]=CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2, identrustdstx3 [jdk]=CN=DST Root CA X3, O=Digital Signature Trust Co., comodoeccca [jdk]=CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB, entrust2048ca [jdk]=CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net, addtrustexternalca [jdk]=CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE, globalsigneccrootcar4 [jdk]=CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4, digisigningcsp=[CN=general.8003630833412103.id.electronichealth.net.au, OU=Diginostic Pty Ltd, O=Diginostic Pty Ltd, DC=8003630833412103, DC=id, DC=electronichealth, DC=net, DC=au,CN=Medicare Australia Organisation Certification Authority, OU=Medicare Australia, O=GOV, C=AU,CN=Medicare Australia Root Certification Authority, OU=Medicare Australia, O=GOV, C=AU], usertrustrsaca [jdk]=CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US, digicertassuredidrootca [jdk]=CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US, digicertglobalrootg2 [jdk]=CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US, actalisauthenticationrootca [jdk]=CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT, digicertassuredidg2 [jdk]=CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US, swisssigngoldg2ca [jdk]=CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH, medicare australia org cert sha1=CN=Medicare Australia Organisation Certification Authority, OU=Medicare Australia, O=GOV, C=AU, entrustrootcag2 [jdk]=CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US, quovadisrootca2g3 [jdk]=CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM, utnuserfirstclientauthemailca [jdk]=CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US, securetrustca [jdk]=CN=SecureTrust CA, O=SecureTrust Corporation, C=US, camerfirmachambersca [jdk]=CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU, geotrustprimaryca [jdk]=CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US, identrustcommercial [jdk]=CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US, thawteprimaryrootcag3 [jdk]=CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US, buypassclass3ca [jdk]=CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO, verisigntsaca [jdk]=CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA, testmca=CN=Test Medicare Australia :6278034019, O=Medicare Australia, L=TUGGERANONG, ST=ACT, C=AU, verisignclass3g4ca [jdk]=CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US, baltimorecybertrustca [jdk]=CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE, luxtrustglobalrootca [jdk]=CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU, verisignclass3g2ca [jdk]=OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US, camerfirmachamberscommerceca [jdk]=CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU, soneraclass2ca [jdk]=CN=Sonera Class2 CA, O=Sonera, C=FI, affirmtrustnetworkingca [jdk]=CN=AffirmTrust Networking, O=AffirmTrust, C=US, northernhealthpubliccert=CN=general.8003620833375509.id.electronichealth.net.au, O=Northern Health, DC=8003620833375509, DC=id, DC=electronichealth, DC=net, DC=au, ttelesecglobalrootclass3ca [jdk]=CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE, xrampglobalca [jdk]=CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US, geotrustprimarycag3 [jdk]=CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US, camerfirmachambersignca [jdk]=CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU, thawteprimaryrootcag2 [jdk]=CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US, usertrusteccca [jdk]=CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US, certplusclass3pprimaryca [jdk]=CN=Class 3P Primary CA, O=Certplus, C=FR, swisssignsilverg2ca [jdk]=CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH, affirmtrustpremiumca [jdk]=CN=AffirmTrust Premium, O=AffirmTrust, C=US, globalsignca [jdk]=CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE, dtrustclass3ca2 [jdk]=CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE, affirmtrustcommercialca [jdk]=CN=AffirmTrust Commercial, O=AffirmTrust, C=US, letsencryptisrgx1 [jdk]=CN=ISRG Root X1, O=Internet Security Research Group, C=US, thawtepremiumserverca [jdk][email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA, comodoaaaca [jdk]=CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB, geotrustprimarycag2 [jdk]=CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US, globalsignr3ca [jdk]=CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3, thawteprimaryrootca [jdk]=CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US, quovadisrootca3 [jdk]=CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM, starfieldclass2ca [jdk]=OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US, starfieldrootg2ca [jdk]=CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US, verisignclass3ca [jdk]=OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US, affirmtrustpremiumeccca [jdk]=CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US, geotrustglobalca [jdk]=CN=GeoTrust Global CA, O=GeoTrust Inc., C=US, godaddyclass2ca [jdk]=OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US, godaddyrootg2ca [jdk]=CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US, verisignclass3g5ca [jdk]=CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US, quovadisrootca2 [jdk]=CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM, certumca [jdk]=CN=Certum CA, O=Unizeto Sp. z o.o., C=PL, medicare australia root cert sha2=CN=Medicare Australia Root Certification Authority, OU=Humanservices, O=GOV, C=AU, swisssignplatinumg2ca [jdk]=CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH, medicare australia root cert sha1=CN=Medicare Australia Root Certification Authority, OU=Medicare Australia, O=GOV, C=AU, chunghwaepkirootca [jdk]=OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW, quovadisrootca3g3 [jdk]=CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM, addtrustclass1ca [jdk]=CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE, quovadisrootca [jdk]=CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM, digicerthighassuranceevrootca [jdk]=CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US, quovadisrootca1g3 [jdk]=CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM, certplusclass2primaryca [jdk]=CN=Class 2 Primary CA, O=Certplus, C=FR, keynectisrootca [jdk]=CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR, comodorsaca [jdk]=CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB, buypassclass2ca [jdk]=CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO, secomscrootca2 [jdk]=OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP, verisignclass3g3ca [jdk]=CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US, certumtrustednetworkca [jdk]=CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL, entrustevca [jdk]=CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US, teliasonerarootcav1 [jdk]=CN=TeliaSonera Root CA v1, O=TeliaSonera, utnuserfirsthardwareca [jdk]=CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US, tmarca=CN=Test Medicare Australia Root Certification Authority, OU=Medicare Australia, O=GOV, C=AU, globalsigneccrootcar5 [jdk]=CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5, dtrustclass3ca2ev [jdk]=CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE, ttelesecglobalrootclass2ca [jdk]=CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE, starfieldservicesrootg2ca [jdk]=CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US, digicertglobalrootca [jdk]=CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US, addtrustqualifiedca [jdk]=CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE]) => null
: enter: [email protected]()
: exit: [email protected]() => [trustManager1-1649738792990@1961173763]
: enter: [email protected]()
: exit: [email protected]() => [keyManager1-1649738792992@1202683709]
: enter: [email protected](keyManagers = [DebugX509ExtendedKeyManager@1002021887(sun.security.ssl.SunX509KeyManagerImpl@47af7f3d)], trustManagers = [DebugX509ExtendedTrustManager@1712943792(sun.security.ssl.X509TrustManagerImpl@74e52303)], secureRandom = java.security.SecureRandom@5af3afd9)
: exit: [email protected](keyManagers = [DebugX509ExtendedKeyManager@1002021887(sun.security.ssl.SunX509KeyManagerImpl@47af7f3d)], trustManagers = [DebugX509ExtendedTrustManager@1712943792(sun.security.ssl.X509TrustManagerImpl@74e52303)], secureRandom = java.security.SecureRandom@5af3afd9) => null
: enter: [email protected]()
: exit: [email protected]() => sun.security.ssl.SSLSocketFactoryImpl@323b36e0
: enter: [email protected]()
: exit: [email protected]() => sun.security.ssl.SSLServerSocketFactoryImpl@44ebcd03
: enter: [email protected](chain = [CN=general.xxxxxxxxxxx.id.electronichealth.net.au, O=Server Org, DC=xxxxxxxxxx, DC=id, DC=electronichealth, DC=net, DC=au], authType = ECDHE_RSA, sslSocket = Socket[addr=/xxx.xxx.xxx.xxx,port=3801,localport=35034])
: exit: [email protected](chain = [CN=general.xxxxxxxxxx.id.electronichealth.net.au, O=Server Org, DC=xxxxxxxxxx, DC=id, DC=electronichealth, DC=net, DC=au], authType = ECDHE_RSA, sslSocket = Socket[addr=/xxx.xxx.xxx.xxx,port=3801,localport=35034]) => null
: Error establishing connections :
I am trying to connect to a rhapsody HL7 server using java, but am getting an error during the handshake. Here's the stacktrace:
javax.net.ssl.SSLException: [Ljava.lang.String; cannot be cast to java.lang.String
at sun.security.ssl.Alert.createSSLException(Alert.java:133) ~[na:1.8.0_312]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:324) ~[na:1.8.0_312]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:267) ~[na:1.8.0_312]
at sun.security.ssl.TransportContext.fatal(TransportContext.java:262) ~[na:1.8.0_312]
at sun.security.ssl.SSLSocketImpl.handleException(SSLSocketImpl.java:1563) ~[na:1.8.0_312]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:441) ~[na:1.8.0_312]
at sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:813) ~[na:1.8.0_312]
at sun.security.ssl.SSLSocketImpl.access$200(SSLSocketImpl.java:73) ~[na:1.8.0_312]
at sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1175) ~[na:1.8.0_312]
at java.io.OutputStream.write(OutputStream.java:75) ~[na:1.8.0_312]
I have created a simple test case to identify why the error is occurring. Code sample below:
myKeystore = KeyStore.getInstance("JKS");
myTruststore = KeyStore.getInstance("JKS");
myKeystore.load(new FileInputStream(myKeystoreFilename), keyStorePassphrase); // this is a keystore with just the server public cert
myTruststore.load(new FileInputStream(myTruststoreFilename), trustStorePass); // this is the default java cacerts
SSLContext ctx = SSLContext.getInstance("TLSv1.2");
String algorithm = KeyManagerFactory.getDefaultAlgorithm(); // returns "SunX509" by default in 1.8
KeyManagerFactory kmf = KeyManagerFactory.getInstance(algorithm);
kmf.init(myKeystore, privateKeyPassphrase);
TrustManagerFactory tmf = TrustManagerFactory.getInstance(algorithm);
tmf.init(myTruststore);
TrustManager[] trustManagers = tmf.getTrustManagers();
KeyManager[] keyManagers = kmf.getKeyManagers();
ctx.init(keyManagers, trustManagers, new SecureRandom());
mySocketFactory = ctx.getSocketFactory();
SSLSocket sslsocket = (SSLSocket) mySocketFactory.getSocketFactory().createSocket(host, port);
InputStream in = sslsocket.getInputStream();
OutputStream out = sslsocket.getOutputStream();
String hello = "Hello World";
out.write(hello.getBytes());
while (in.available() > 0) {
LOGGER.debug("Incoming data stream :" + in.read());
}
I can see the error is thrown when I send the hello world text, during the handshake function, but I can't see why.
I've also attached the TLS debug log:
enter: [email protected]: keyStore = KeyStore([server_public_cert=CN=general.xxxxxxxxxxxx.id.electronichealth.net.au, O=Server Org, DC=xxxxxxxxxxxx, DC=id, DC=electronichealth, DC=net, DC=au]), password = [CENSORED]
: exit: [email protected]: keyStore = KeyStore([server_public_cert=CN=general.xxxxxxxxxxxx.id.electronichealth.net.au, O=Server Org, DC=xxxxxxxxxxxx, DC=id, DC=electronichealth, DC=net, DC=au]), password = [CENSORED] => null
: enter: [email protected]: args = KeyStore([verisignclass2g2ca [jdk]=OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US, digicertassuredidg3 [jdk]=CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US, verisignuniversalrootca [jdk]=CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US, tmaoca=CN=Test Medicare Australia Organisation Certification Authority, OU=Medicare Australia, O=GOV, C=AU, digicerttrustedrootg4 [jdk]=CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US, identrustpublicca [jdk]=CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US, utnuserfirstobjectca [jdk]=CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US, geotrustuniversalca [jdk]=CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US, digicertglobalrootg3 [jdk]=CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US, deutschetelekomrootca2 [jdk]=CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE, entrustrootcaec1 [jdk]=CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US, secomscrootca1 [jdk]=OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP, globalsignr2ca [jdk]=CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2, identrustdstx3 [jdk]=CN=DST Root CA X3, O=Digital Signature Trust Co., comodoeccca [jdk]=CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB, entrust2048ca [jdk]=CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net, addtrustexternalca [jdk]=CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE, globalsigneccrootcar4 [jdk]=CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4, digisigningcsp=[CN=general.8003630833412103.id.electronichealth.net.au, OU=Diginostic Pty Ltd, O=Diginostic Pty Ltd, DC=8003630833412103, DC=id, DC=electronichealth, DC=net, DC=au,CN=Medicare Australia Organisation Certification Authority, OU=Medicare Australia, O=GOV, C=AU,CN=Medicare Australia Root Certification Authority, OU=Medicare Australia, O=GOV, C=AU], usertrustrsaca [jdk]=CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US, digicertassuredidrootca [jdk]=CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US, digicertglobalrootg2 [jdk]=CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US, actalisauthenticationrootca [jdk]=CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT, digicertassuredidg2 [jdk]=CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US, swisssigngoldg2ca [jdk]=CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH, medicare australia org cert sha1=CN=Medicare Australia Organisation Certification Authority, OU=Medicare Australia, O=GOV, C=AU, entrustrootcag2 [jdk]=CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US, quovadisrootca2g3 [jdk]=CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM, utnuserfirstclientauthemailca [jdk]=CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US, securetrustca [jdk]=CN=SecureTrust CA, O=SecureTrust Corporation, C=US, camerfirmachambersca [jdk]=CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU, geotrustprimaryca [jdk]=CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US, identrustcommercial [jdk]=CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US, thawteprimaryrootcag3 [jdk]=CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US, buypassclass3ca [jdk]=CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO, verisigntsaca [jdk]=CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA, testmca=CN=Test Medicare Australia :6278034019, O=Medicare Australia, L=TUGGERANONG, ST=ACT, C=AU, verisignclass3g4ca [jdk]=CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US, baltimorecybertrustca [jdk]=CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE, luxtrustglobalrootca [jdk]=CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU, verisignclass3g2ca [jdk]=OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US, camerfirmachamberscommerceca [jdk]=CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU, soneraclass2ca [jdk]=CN=Sonera Class2 CA, O=Sonera, C=FI, affirmtrustnetworkingca [jdk]=CN=AffirmTrust Networking, O=AffirmTrust, C=US, northernhealthpubliccert=CN=general.8003620833375509.id.electronichealth.net.au, O=Northern Health, DC=8003620833375509, DC=id, DC=electronichealth, DC=net, DC=au, ttelesecglobalrootclass3ca [jdk]=CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE, xrampglobalca [jdk]=CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US, geotrustprimarycag3 [jdk]=CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US, camerfirmachambersignca [jdk]=CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU, thawteprimaryrootcag2 [jdk]=CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US, usertrusteccca [jdk]=CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US, certplusclass3pprimaryca [jdk]=CN=Class 3P Primary CA, O=Certplus, C=FR, swisssignsilverg2ca [jdk]=CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH, affirmtrustpremiumca [jdk]=CN=AffirmTrust Premium, O=AffirmTrust, C=US, globalsignca [jdk]=CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE, dtrustclass3ca2 [jdk]=CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE, affirmtrustcommercialca [jdk]=CN=AffirmTrust Commercial, O=AffirmTrust, C=US, letsencryptisrgx1 [jdk]=CN=ISRG Root X1, O=Internet Security Research Group, C=US, thawtepremiumserverca [jdk][email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA, comodoaaaca [jdk]=CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB, geotrustprimarycag2 [jdk]=CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US, globalsignr3ca [jdk]=CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3, thawteprimaryrootca [jdk]=CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US, quovadisrootca3 [jdk]=CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM, starfieldclass2ca [jdk]=OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US, starfieldrootg2ca [jdk]=CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US, verisignclass3ca [jdk]=OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US, affirmtrustpremiumeccca [jdk]=CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US, geotrustglobalca [jdk]=CN=GeoTrust Global CA, O=GeoTrust Inc., C=US, godaddyclass2ca [jdk]=OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US, godaddyrootg2ca [jdk]=CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US, verisignclass3g5ca [jdk]=CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US, quovadisrootca2 [jdk]=CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM, certumca [jdk]=CN=Certum CA, O=Unizeto Sp. z o.o., C=PL, medicare australia root cert sha2=CN=Medicare Australia Root Certification Authority, OU=Humanservices, O=GOV, C=AU, swisssignplatinumg2ca [jdk]=CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH, medicare australia root cert sha1=CN=Medicare Australia Root Certification Authority, OU=Medicare Australia, O=GOV, C=AU, chunghwaepkirootca [jdk]=OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW, quovadisrootca3g3 [jdk]=CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM, addtrustclass1ca [jdk]=CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE, quovadisrootca [jdk]=CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM, digicerthighassuranceevrootca [jdk]=CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US, quovadisrootca1g3 [jdk]=CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM, certplusclass2primaryca [jdk]=CN=Class 2 Primary CA, O=Certplus, C=FR, keynectisrootca [jdk]=CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR, comodorsaca [jdk]=CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB, buypassclass2ca [jdk]=CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO, secomscrootca2 [jdk]=OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP, verisignclass3g3ca [jdk]=CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US, certumtrustednetworkca [jdk]=CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL, entrustevca [jdk]=CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US, teliasonerarootcav1 [jdk]=CN=TeliaSonera Root CA v1, O=TeliaSonera, utnuserfirsthardwareca [jdk]=CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US, tmarca=CN=Test Medicare Australia Root Certification Authority, OU=Medicare Australia, O=GOV, C=AU, globalsigneccrootcar5 [jdk]=CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5, dtrustclass3ca2ev [jdk]=CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE, ttelesecglobalrootclass2ca [jdk]=CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE, starfieldservicesrootg2ca [jdk]=CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US, digicertglobalrootca [jdk]=CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US, addtrustqualifiedca [jdk]=CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE])
: exit: [email protected]: args = KeyStore([verisignclass2g2ca [jdk]=OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US, digicertassuredidg3 [jdk]=CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US, verisignuniversalrootca [jdk]=CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US, tmaoca=CN=Test Medicare Australia Organisation Certification Authority, OU=Medicare Australia, O=GOV, C=AU, digicerttrustedrootg4 [jdk]=CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US, identrustpublicca [jdk]=CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US, utnuserfirstobjectca [jdk]=CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US, geotrustuniversalca [jdk]=CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US, digicertglobalrootg3 [jdk]=CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US, deutschetelekomrootca2 [jdk]=CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE, entrustrootcaec1 [jdk]=CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US, secomscrootca1 [jdk]=OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP, globalsignr2ca [jdk]=CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2, identrustdstx3 [jdk]=CN=DST Root CA X3, O=Digital Signature Trust Co., comodoeccca [jdk]=CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB, entrust2048ca [jdk]=CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net, addtrustexternalca [jdk]=CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE, globalsigneccrootcar4 [jdk]=CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4, digisigningcsp=[CN=general.8003630833412103.id.electronichealth.net.au, OU=Diginostic Pty Ltd, O=Diginostic Pty Ltd, DC=8003630833412103, DC=id, DC=electronichealth, DC=net, DC=au,CN=Medicare Australia Organisation Certification Authority, OU=Medicare Australia, O=GOV, C=AU,CN=Medicare Australia Root Certification Authority, OU=Medicare Australia, O=GOV, C=AU], usertrustrsaca [jdk]=CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US, digicertassuredidrootca [jdk]=CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US, digicertglobalrootg2 [jdk]=CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US, actalisauthenticationrootca [jdk]=CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT, digicertassuredidg2 [jdk]=CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US, swisssigngoldg2ca [jdk]=CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH, medicare australia org cert sha1=CN=Medicare Australia Organisation Certification Authority, OU=Medicare Australia, O=GOV, C=AU, entrustrootcag2 [jdk]=CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US, quovadisrootca2g3 [jdk]=CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM, utnuserfirstclientauthemailca [jdk]=CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US, securetrustca [jdk]=CN=SecureTrust CA, O=SecureTrust Corporation, C=US, camerfirmachambersca [jdk]=CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU, geotrustprimaryca [jdk]=CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US, identrustcommercial [jdk]=CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US, thawteprimaryrootcag3 [jdk]=CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US, buypassclass3ca [jdk]=CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO, verisigntsaca [jdk]=CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA, testmca=CN=Test Medicare Australia :6278034019, O=Medicare Australia, L=TUGGERANONG, ST=ACT, C=AU, verisignclass3g4ca [jdk]=CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US, baltimorecybertrustca [jdk]=CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE, luxtrustglobalrootca [jdk]=CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU, verisignclass3g2ca [jdk]=OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US, camerfirmachamberscommerceca [jdk]=CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU, soneraclass2ca [jdk]=CN=Sonera Class2 CA, O=Sonera, C=FI, affirmtrustnetworkingca [jdk]=CN=AffirmTrust Networking, O=AffirmTrust, C=US, northernhealthpubliccert=CN=general.8003620833375509.id.electronichealth.net.au, O=Northern Health, DC=8003620833375509, DC=id, DC=electronichealth, DC=net, DC=au, ttelesecglobalrootclass3ca [jdk]=CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE, xrampglobalca [jdk]=CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US, geotrustprimarycag3 [jdk]=CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US, camerfirmachambersignca [jdk]=CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU, thawteprimaryrootcag2 [jdk]=CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US, usertrusteccca [jdk]=CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US, certplusclass3pprimaryca [jdk]=CN=Class 3P Primary CA, O=Certplus, C=FR, swisssignsilverg2ca [jdk]=CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH, affirmtrustpremiumca [jdk]=CN=AffirmTrust Premium, O=AffirmTrust, C=US, globalsignca [jdk]=CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE, dtrustclass3ca2 [jdk]=CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE, affirmtrustcommercialca [jdk]=CN=AffirmTrust Commercial, O=AffirmTrust, C=US, letsencryptisrgx1 [jdk]=CN=ISRG Root X1, O=Internet Security Research Group, C=US, thawtepremiumserverca [jdk][email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA, comodoaaaca [jdk]=CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB, geotrustprimarycag2 [jdk]=CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US, globalsignr3ca [jdk]=CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3, thawteprimaryrootca [jdk]=CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US, quovadisrootca3 [jdk]=CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM, starfieldclass2ca [jdk]=OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US, starfieldrootg2ca [jdk]=CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US, verisignclass3ca [jdk]=OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US, affirmtrustpremiumeccca [jdk]=CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US, geotrustglobalca [jdk]=CN=GeoTrust Global CA, O=GeoTrust Inc., C=US, godaddyclass2ca [jdk]=OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US, godaddyrootg2ca [jdk]=CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US, verisignclass3g5ca [jdk]=CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US, quovadisrootca2 [jdk]=CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM, certumca [jdk]=CN=Certum CA, O=Unizeto Sp. z o.o., C=PL, medicare australia root cert sha2=CN=Medicare Australia Root Certification Authority, OU=Humanservices, O=GOV, C=AU, swisssignplatinumg2ca [jdk]=CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH, medicare australia root cert sha1=CN=Medicare Australia Root Certification Authority, OU=Medicare Australia, O=GOV, C=AU, chunghwaepkirootca [jdk]=OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW, quovadisrootca3g3 [jdk]=CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM, addtrustclass1ca [jdk]=CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE, quovadisrootca [jdk]=CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM, digicerthighassuranceevrootca [jdk]=CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US, quovadisrootca1g3 [jdk]=CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM, certplusclass2primaryca [jdk]=CN=Class 2 Primary CA, O=Certplus, C=FR, keynectisrootca [jdk]=CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR, comodorsaca [jdk]=CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB, buypassclass2ca [jdk]=CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO, secomscrootca2 [jdk]=OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP, verisignclass3g3ca [jdk]=CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US, certumtrustednetworkca [jdk]=CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL, entrustevca [jdk]=CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US, teliasonerarootcav1 [jdk]=CN=TeliaSonera Root CA v1, O=TeliaSonera, utnuserfirsthardwareca [jdk]=CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US, tmarca=CN=Test Medicare Australia Root Certification Authority, OU=Medicare Australia, O=GOV, C=AU, globalsigneccrootcar5 [jdk]=CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5, dtrustclass3ca2ev [jdk]=CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE, ttelesecglobalrootclass2ca [jdk]=CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE, starfieldservicesrootg2ca [jdk]=CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US, digicertglobalrootca [jdk]=CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US, addtrustqualifiedca [jdk]=CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE]) => null
: enter: [email protected]()
: exit: [email protected]() => [trustManager1-1649738792990@1961173763]
: enter: [email protected]()
: exit: [email protected]() => [keyManager1-1649738792992@1202683709]
: enter: [email protected](keyManagers = [DebugX509ExtendedKeyManager@1002021887(sun.security.ssl.SunX509KeyManagerImpl@47af7f3d)], trustManagers = [DebugX509ExtendedTrustManager@1712943792(sun.security.ssl.X509TrustManagerImpl@74e52303)], secureRandom = java.security.SecureRandom@5af3afd9)
: exit: [email protected](keyManagers = [DebugX509ExtendedKeyManager@1002021887(sun.security.ssl.SunX509KeyManagerImpl@47af7f3d)], trustManagers = [DebugX509ExtendedTrustManager@1712943792(sun.security.ssl.X509TrustManagerImpl@74e52303)], secureRandom = java.security.SecureRandom@5af3afd9) => null
: enter: [email protected]()
: exit: [email protected]() => sun.security.ssl.SSLSocketFactoryImpl@323b36e0
: enter: [email protected]()
: exit: [email protected]() => sun.security.ssl.SSLServerSocketFactoryImpl@44ebcd03
: enter: [email protected](chain = [CN=general.xxxxxxxxxxx.id.electronichealth.net.au, O=Server Org, DC=xxxxxxxxxx, DC=id, DC=electronichealth, DC=net, DC=au], authType = ECDHE_RSA, sslSocket = Socket[addr=/xxx.xxx.xxx.xxx,port=3801,localport=35034])
: exit: [email protected](chain = [CN=general.xxxxxxxxxx.id.electronichealth.net.au, O=Server Org, DC=xxxxxxxxxx, DC=id, DC=electronichealth, DC=net, DC=au], authType = ECDHE_RSA, sslSocket = Socket[addr=/xxx.xxx.xxx.xxx,port=3801,localport=35034]) => null
: Error establishing connections :
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我仍然不接近知道为什么会出现错误,但是我重建了JKS Keystores,还编写了一些密钥实用功能来构建请求中使用的键,并且它才开始工作。我怀疑这不是密钥店,而是SSLSOCKETCOCTFACTORY的创建方式。如果有人有兴趣,我可以发布代码。
I am still no closer to knowing why the error was thrown, But I rebuilt the JKS keystores and also wrote some key utility functions to build the keys used in the request and it just started working. I suspect it wasn't the keystore but the way the sslSocketFactory was created. If anybody is interested I can post the code.