我正在使用spring-ws调用安全的肥皂网络服务。我有一个客户证书来签署我的外发请求,也有一个服务器证书来验证服务器的响应。
这是控制台输出
01:12:24.373 [main] INFO org.springframework.ws.soap.saaj.SaajSoapMessageFactory - Creating SAAJ 1.3 MessageFactory with SOAP 1.1 Protocol
01:12:24.418 [main] DEBUG org.springframework.ws.soap.saaj.SaajSoapMessageFactory - Using MessageFactory class [com.sun.xml.internal.messaging.saaj.soap.ver1_1.SOAPMessageFactory1_1Impl]
01:12:25.378 [main] INFO com.myapp.WsConfig - Loaded keystore: file:/C:/dev/git/myapp/target/classes/cert/client-keystore.p12
01:12:25.455 [main] INFO com.myapp.WsConfig - Loaded trustStore: file:/C:/dev/git/myapp/target/classes/cert/client-truststore.jks
01:12:26.469 [main] DEBUG org.springframework.ws.transport.http.HttpsUrlConnectionMessageSender - Initialized SSL Context with key managers [sun.security.ssl.SunX509KeyManagerImpl@2133814f] trust managers [sun.security.ssl.X509TrustManagerImpl@4c15e7fd] secure random [null]
01:12:26.475 [main] DEBUG org.springframework.ws.client.core.WebServiceTemplate - Opening [org.springframework.ws.transport.http.HttpUrlConnection@38c5cc4c] to [https://integration-env.com/service-gateway.v1]
01:12:26.544 [main] INFO org.springframework.oxm.jaxb.Jaxb2Marshaller - Creating JAXBContext with context path [com.myapp.generated]
01:12:27.530 [main] DEBUG org.springframework.ws.client.MessageTracing.sent - Sent request [SaajSoapMessage {urn:services-types:v1}Request]
01:12:27.973 [main] DEBUG org.springframework.ws.transport.support.TransportUtils - Could not close WebServiceConnection
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1334)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1309)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:259)
at org.springframework.ws.transport.http.HttpUrlConnection.getRequestOutputStream(HttpUrlConnection.java:89)
at org.springframework.ws.transport.AbstractSenderConnection$RequestTransportOutputStream.createOutputStream(AbstractSenderConnection.java:87)
at org.springframework.ws.transport.TransportOutputStream.getOutputStream(TransportOutputStream.java:41)
at org.springframework.ws.transport.TransportOutputStream.close(TransportOutputStream.java:49)
at org.springframework.ws.transport.AbstractWebServiceConnection.close(AbstractWebServiceConnection.java:141)
at org.springframework.ws.transport.support.TransportUtils.closeConnection(TransportUtils.java:45)
at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:564)
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:390)
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:383)
at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:373)
at com.myapp.SprinClient.getScoring(SprinClient.java:31)
at com.myapp.ClientTest.runService.java:26)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:68)
at com.intellij.rt.execution.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:47)
at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:242)
at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:70)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
at sun.security.validator.Validator.validate(Validator.java:262)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
... 46 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 52 common frames omitted
这是我的配置:
@Configuration
public class WsConfig {
private static final Logger log = LoggerFactory.getLogger(WsConfig.class);
@Value("${default-uri}")
private String defaultUri;
@Value("${ssl.trust-store}")
private Resource trustStore;
@Value("${ssl.trust-store-password}")
private String trustStorePassword;
@Value("${ssl.key-store}")
private Resource keyStore;
@Value("${ssl.key-store-password}")
private String keyStorePassword;
@Bean
public Jaxb2Marshaller jaxb2Marshaller() {
Jaxb2Marshaller marshaller = new Jaxb2Marshaller();
marshaller.setContextPath("com.myapp.generated");
return marshaller;
}
@Bean
public WebServiceTemplate webServiceTemplate() throws Exception {
WebServiceTemplate webServiceTemplate = new WebServiceTemplate();
webServiceTemplate.setMarshaller(jaxb2Marshaller());
webServiceTemplate.setUnmarshaller(jaxb2Marshaller());
webServiceTemplate.setDefaultUri(defaultUri);
webServiceTemplate.setMessageSender(httpsUrlConnectionMessageSender());
return webServiceTemplate;
}
@Bean
public HttpsUrlConnectionMessageSender httpsUrlConnectionMessageSender() throws Exception {
KeyStore keyStore = KeyStore.getInstance("PKCS12");
keyStore.load(this.keyStore.getInputStream(), keyStorePassword.toCharArray());
log.info("Loaded keystore: {}", this.keyStore.getURI().toString());
this.keyStore.getInputStream().close();
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());
KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(this.trustStore.getInputStream(), trustStorePassword.toCharArray());
log.info("Loaded trustStore: " + this.trustStore.getURI().toString());
this.trustStore.getInputStream().close();
TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trustStore);
HttpsUrlConnectionMessageSender messageSender = new HttpsUrlConnectionMessageSender();
messageSender.setKeyManagers(keyManagerFactory.getKeyManagers());
messageSender.setTrustManagers(trustManagerFactory.getTrustManagers());
return messageSender;
}
在“我的客户”类中,我像这样使用该webServiceTemplate:
@Component
public class WsClient {
private static final Logger log = LoggerFactory.getLogger(WsClient.class);
private WebServiceTemplate webServiceTemplate;
@Autowired
public SpringArvatoClient(WebServiceTemplate webServiceTemplate) {
this.webServiceTemplate = webServiceTemplate;
}
public void callService(DataObject data) {
JAXBElement<RequestType> request = createRequestType(data);
ResponseType response = (ResponseType) webServiceTemplate
.marshalSendAndReceive(request);
}
在soapUI中,我能够运行请求并正确接收响应。我认为这可能会失败,因为我没有正确设置spring-ws的安全性。我添加了密钥库和信任库以及两个* store-passwords。此外,在soapUI中,我能够设置具体的签名算法,摘要算法和签名规范化,但是我不知道如何使用spring-ws进行设置。
这是我的soapUI安全配置:
更新(ssl日志):
请参阅我的其他答复,因为stackoverflow将此主体限制为30000个字符。
答案 0 :(得分:0)
从错误行下面很清楚,当在提到的位置检查密钥库文件时,找不到它。路径设置不正确。
sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
它在SoapUI上运行的原因是它要求您在SoapUI的配置中加载文件。
如果有属性文件,还请检查以下资源的物理位置,请检查其中是否具有正确的路径。
@Value("${default-uri}")
private String defaultUri;
@Value("${ssl.trust-store}")
private Resource trustStore;
@Value("${ssl.trust-store-password}")
private String trustStorePassword;
@Value("${ssl.key-store}")
private Resource keyStore;
@Value("${ssl.key-store-password}")
private String keyStorePassword;
答案 1 :(得分:0)
更新(ssl日志):
15:06:34.060 [main] INFO org.springframework.ws.soap.saaj.SaajSoapMessageFactory - Creating SAAJ 1.3 MessageFactory with SOAP 1.1 Protocol
15:06:34.097 [main] DEBUG org.springframework.ws.soap.saaj.SaajSoapMessageFactory - Using MessageFactory class [com.sun.xml.internal.messaging.saaj.soap.ver1_1.SOAPMessageFactory1_1Impl]
15:06:35.049 [main] INFO com.myapp.base.service.WsConfig - Loaded keystore: file:/C:/dev/git/myapp/base-be/base-service-provider/target/classes/cert/client-keystore.p12
***
found key for : integration
chain [0] = [
[
Version: V3
Subject: CN=INTEGRATION, OU=Inte, O=INTEGRATION, L=Baden-Baden, ST=Baden-Wuerttemberg, C=DE
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 4096 bits
modulus: 785762...
public exponent: 65537
Validity: [From: Wed Oct 14 08:59:04 CEST 2015,
To: Sat Oct 14 08:59:04 CEST 2023]
Issuer: EMAILADDRESS=certificate@csservice.provider-sys.de, CN=ASY Server CA, OU=Application Hosting, O=provider sys GmbH, L=Neustadt, ST=NRW, C=DE
SerialNumber: [ c0]
Certificate Extensions: 7
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1E 16 1C 41 53 59 20 43 41 20 47 65 6E 65 72 ....ASY CA Gener
0010: 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 65 ated Certificate
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 78 BF C1 12 7C 6A 88 23 CD E2 2D 2B 03 56 DA 80 x....j.#..-+.V..
0010: E0 FA 15 ED ....
]
[EMAILADDRESS=certificate@csservice.provider-sys.de, CN=provider sys - CA0 Primary Certification Authority, OU=Security, O=provider sys GmbH, L=Neustadt, ST=NRW, C=DE]
SerialNumber: [ 0b]
]
[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
[4]: ObjectId: 2.5.29.18 Criticality=false
IssuerAlternativeName [
RFC822Name: certificate@csservice.provider-sys.de
]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
[6]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
SSL client
S/MIME
Object Signing
]
[7]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 2E A8 60 57 8F 1B 4D DE F7 A7 6A 0A B3 B0 1D 3D ..`W..M...j....=
0010: C5 85 62 1C ..b.
]
]
Unparseable certificate extensions: 1
[1]: ObjectId: 2.5.29.17 Criticality=false
Unparseable SubjectAlternativeName extension due to
java.io.IOException: No data available in passed DER encoded value.
0000: 30 00 0.
]
Algorithm: [SHA1withRSA]
Signature:
0000: 54 28 38 06 2F 95 72 40 F9 FB CC 7C AB FA 5F B5 T(8./.r@......_.
0010: 7E CF 70 E4 59 6B 96 4C ED 94 EA 35 74 E9 4C 6B ..p.Yk.L...5t.Lk
...
00F0: B2 77 82 13 D4 F1 10 96 1C C8 19 9E 05 D8 9C 1B .w..............
]
***
15:06:35.118 [main] INFO com.myapp.base.service.WsConfig - Loaded trustStore: file:/C:/dev/git/myapp/base-be/base-service-provider/target/classes/cert/client-truststore.jks
adding as trusted cert:
Subject: CN=big-response, OU=IT, O=company GmbH, L=Baden-Baden, ST=Baden-Wuerttemberg, C=DE
Issuer: EMAILADDRESS=certificate@csservice.provider-sys.de, CN=ASY Server CA, OU=Application Hosting, O=provider sys GmbH, L=Neustadt, ST=NRW, C=DE
Algorithm: RSA; Serial number: 0x86
Valid from Mon Apr 20 22:45:43 CEST 2015 until Sat Aug 10 22:45:43 CEST 2024
15:06:35.140 [main] INFO com.myapp.base.service.SpringproviderClient - Requesting person score for: Peter Müller...
Ignoring disabled cipher suite: SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
Ignoring disabled cipher suite: SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
Ignoring disabled cipher suite: TLS_KRB5_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
Ignoring disabled cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring disabled cipher suite: TLS_KRB5_WITH_3DES_EDE_CBC_MD5
Ignoring disabled cipher suite: SSL_DH_anon_WITH_RC4_128_MD5
Ignoring disabled cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDH_anon_WITH_RC4_128_SHA
Ignoring disabled cipher suite: TLS_KRB5_EXPORT_WITH_RC4_40_SHA
Ignoring disabled cipher suite: SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
Ignoring disabled cipher suite: TLS_KRB5_WITH_RC4_128_SHA
Ignoring disabled cipher suite: SSL_RSA_EXPORT_WITH_RC4_40_MD5
Ignoring disabled cipher suite: TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
Ignoring disabled cipher suite: TLS_KRB5_EXPORT_WITH_RC4_40_MD5
Ignoring disabled cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring disabled cipher suite: TLS_KRB5_WITH_RC4_128_MD5
Ignoring disabled cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: SSL_RSA_WITH_RC4_128_SHA
Ignoring disabled cipher suite: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring disabled cipher suite: SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
Ignoring disabled cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring disabled cipher suite: SSL_RSA_WITH_RC4_128_MD5
Ignoring disabled cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
trustStore is: No File Available, using empty keystore.
trustStore type is : jks
trustStore provider is :
init truststore
keyStore is : cert/client-keystore.p12
keyStore type is : jks
keyStore provider is :
trigger seeding of SecureRandom
done seeding SecureRandom
15:06:35.998 [main] DEBUG org.springframework.ws.transport.http.HttpsUrlConnectionMessageSender - Initialized SSL Context with key managers [sun.security.ssl.SunX509KeyManagerImpl@23529fee] trust managers [sun.security.ssl.X509TrustManagerImpl@4fe767f3] secure random [null]
15:06:36.004 [main] DEBUG org.springframework.ws.client.core.WebServiceTemplate - Opening [org.springframework.ws.transport.http.HttpUrlConnection@14d3bc22] to [https://integration-big.finance.provider.com/product/big/business-information-gateway.v1.2]
15:06:36.086 [main] INFO org.springframework.oxm.jaxb.Jaxb2Marshaller - Creating JAXBContext with context path [com.myapp.base.service.provider.generated]
15:06:37.333 [main] DEBUG org.springframework.ws.client.MessageTracing.sent - Sent request [SaajSoapMessage {urn:big-services-types:v1.2}Request]
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
main, the previous server name in SNI (type=host_name (0), value=integration-big.finance.provider.com) was replaced with (type=host_name (0), value=integration-big.finance.provider.com)
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1523263581 bytes = { 157, 84, 247, 157, 102, 185, 160, 253, 225, 94, 207, 129, 26, 5, 32, 166, 246, 45, 135, 19, 99, 14, 52, 150, 110, 73, 254, 116 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
Extension server_name, server_name: [type=host_name (0), value=integration-big.finance.provider.com]
***
main, WRITE: TLSv1.2 Handshake, length = 236
main, READ: TLSv1.2 Handshake, length = 93
*** ServerHello, TLSv1.2
RandomCookie: GMT: 640777025 bytes = { 33, 3, 88, 115, 39, 70, 25, 86, 20, 156, 190, 200, 89, 97, 247, 220, 222, 129, 188, 142, 172, 117, 181, 226, 255, 198, 177, 176 }
Session ID: {102, 101, 195, 164, 70, 236, 103, 43, 201, 13, 226, 55, 40, 70, 151, 80, 232, 28, 4, 240, 43, 202, 54, 126, 231, 1, 13, 24, 236, 240, 176, 177}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Compression Method: 0
Extension server_name, server_name:
Extension renegotiation_info, renegotiated_connection: <empty>
Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
***
%% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
** TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
main, READ: TLSv1.2 Handshake, length = 2940
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=big.finance.provider.com, O=provider sys GmbH, L=Neustadt, ST=Nordrhein-Westfalen, C=DE
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 265764493...
public exponent: 65537
Validity: [From: Fri Aug 10 02:00:00 CEST 2018,
To: Sun Oct 25 13:00:00 CET 2020]
Issuer: CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US
SerialNumber: [ 0fe6a4fc c5d93b55 f85fdaba 1d765c2f]
Certificate Extensions: 10
[1]: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 82 01 6C 04 82 01 68 01 66 00 76 00 A4 B9 09 ...l...h.f.v....
0010: 90 B4 18 58 14 87 BB 13 A2 CC 67 70 0A 3C 35 98 ...X......gp.<5.
...
0160: 54 EA 7E 31 14 6E EA 21 19 44 0E C0 97 B0 4A 34 T..1.n.!.D....J4
[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://status.geotrust.com
,
accessMethod: caIssuers
accessLocation: URIName: http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt
]
]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 94 4F D4 5D 8B E4 A4 E2 A6 80 FE FD D8 F9 00 EF .O.]............
0010: A3 BE 02 57 ...W
]
]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl]
]]
[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.114412.1.1]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 64 69 ..https://www.di
0010: 67 69 63 65 72 74 2E 63 6F 6D 2F 43 50 53 gicert.com/CPS
]] ]
[CertificatePolicyId: [2.23.140.1.2.2]
[] ]
]
[7]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
[8]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
[9]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: big.finance.provider.com
DNSName: acceptance-big.finance.provider.com
DNSName: integration-big.finance.provider.com
]
[10]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B7 CD F4 D3 84 2E D2 B5 0D 6F BE 18 C4 75 BD E3 .........o...u..
0010: A2 51 7A 4A .QzJ
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 5F B7 0D DC 75 3F EE 4F D3 15 12 6C 56 47 C5 D8 _...u?.O...lVG..
0010: 83 04 01 F9 23 40 E9 72 0E 19 7A 69 A4 F7 1F FD ....#@.r..zi....
...
00F0: 3F 33 BF 95 7D D8 C9 B2 3F 88 5E 46 FA B1 D8 46 ?3......?.^F...F
]
chain [1] = [
[
Version: V3
Subject: CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 2399706833...
public exponent: 65537
Validity: [From: Thu Nov 02 13:23:37 CET 2017,
To: Tue Nov 02 13:23:37 CET 2027]
Issuer: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
SerialNumber: [ 0d07782a 133fc6f9 a57296e1 31ffd179]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.digicert.com
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 4E 22 54 20 18 95 E6 E3 6E E6 0F FA FA B9 12 ED N"T ....n.......
0010: 06 17 8F 39 ...9
]
]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl3.digicert.com/DigiCertGlobalRootG2.crl]
]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 64 69 ..https://www.di
0010: 67 69 63 65 72 74 2E 63 6F 6D 2F 43 50 53 gicert.com/CPS
]] ]
]
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 94 4F D4 5D 8B E4 A4 E2 A6 80 FE FD D8 F9 00 EF .O.]............
0010: A3 BE 02 57 ...W
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 82 1C 04 3A 82 E9 C5 A9 C8 65 12 5C 08 E3 01 C6 ...:.....e.\....
0010: 30 B0 AE 22 88 61 7B 2B 07 86 F7 B8 B5 44 9C F5 0..".a.+.....D..
...
00F0: 1E 12 78 CE 98 F2 5F FB 30 14 69 3C 2C FA 97 C6 ..x..._.0.i<,...
]
***
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
main, SEND TLSv1.2 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1.2 Alert, length = 2
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
main, called close()
main, called closeInternal(true)
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
main, the previous server name in SNI (type=host_name (0), value=integration-big.finance.provider.com) was replaced with (type=host_name (0), value=integration-big.finance.provider.com)
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
...
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1523263582 bytes = { 233, 137, 188, 176, 188, 141, 243, 246, 241, 46, 216, 176, 148, 127, 13, 141, 61, 15, 229, 181, 114, 136, 25, 152, 186, 210, 74, 84 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, ...TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
Extension server_name, server_name: [type=host_name (0), value=integration-big.finance.provider.com]
***
main, WRITE: TLSv1.2 Handshake, length = 236
main, READ: TLSv1.2 Handshake, length = 93
*** ServerHello, TLSv1.2
RandomCookie: GMT: -1281780602 bytes = { 25, 40, 240, 160, 112, 50, 173, 202, 228, 58, 25, 10, 96, 229, 146, 183, 117, 29, 144, 139, 251, 115, 129, 238, 237, 148, 64, 78 }
Session ID: {15, 37, 184, 159, 154, 113, 92, 50, 245, 234, 44, 169, 89, 215, 100, 45, 5, 95, 39, 194, 120, 37, 117, 0, 40, 67, 177, 253, 233, 19, 35, 57}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Compression Method: 0
Extension server_name, server_name:
Extension renegotiation_info, renegotiated_connection: <empty>
Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
***
%% Initialized: [Session-2, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
** TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
main, READ: TLSv1.2 Handshake, length = 2940
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=big.finance.provider.com, O=provider sys GmbH, L=Neustadt, ST=Nordrhein-Westfalen, C=DE
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 26538155...
public exponent: 65537
Validity: [From: Fri Aug 10 02:00:00 CEST 2018,
To: Sun Oct 25 13:00:00 CET 2020]
Issuer: CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US
SerialNumber: [ 0fe6a4fc c5d93b55 f85fdaba 1d765c2f]
Certificate Extensions: 10
[1]: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 82 01 6C 04 82 01 68 01 66 00 76 00 A4 B9 09 ...l...h.f.v....
0010: 90 B4 18 58 14 87 BB 13 A2 CC 67 70 0A 3C 35 98 ...X......gp.<5.
...
0160: 54 EA 7E 31 14 6E EA 21 19 44 0E C0 97 B0 4A 34 T..1.n.!.D....J4
[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://status.geotrust.com
,
accessMethod: caIssuers
accessLocation: URIName: http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt
]
]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 94 4F D4 5D 8B E4 A4 E2 A6 80 FE FD D8 F9 00 EF .O.]............
0010: A3 BE 02 57 ...W
]
]
[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
]
[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl]
]]
[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.114412.1.1]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 64 69 ..https://www.di
0010: 67 69 63 65 72 74 2E 63 6F 6D 2F 43 50 53 gicert.com/CPS
]] ]
[CertificatePolicyId: [2.23.140.1.2.2]
[] ]
]
[7]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
[8]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_Encipherment
]
[9]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: big.finance.provider.com
DNSName: acceptance-big.finance.provider.com
DNSName: integration-big.finance.provider.com
]
[10]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B7 CD F4 D3 84 2E D2 B5 0D 6F BE 18 C4 75 BD E3 .........o...u..
0010: A2 51 7A 4A .QzJ
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 5F B7 0D DC 75 3F EE 4F D3 15 12 6C 56 47 C5 D8 _...u?.O...lVG..
0010: 83 04 01 F9 23 40 E9 72 0E 19 7A 69 A4 F7 1F FD ....#@.r..zi....
...
00F0: 3F 33 BF 95 7D D8 C9 B2 3F 88 5E 46 FA B1 D8 46 ?3......?.^F...F
]
chain [1] = [
[
Version: V3
Subject: CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 239970683...
public exponent: 65537
Validity: [From: Thu Nov 02 13:23:37 CET 2017,
To: Tue Nov 02 13:23:37 CET 2027]
Issuer: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
SerialNumber: [ 0d07782a 133fc6f9 a57296e1 31ffd179]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://ocsp.digicert.com
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 4E 22 54 20 18 95 E6 E3 6E E6 0F FA FA B9 12 ED N"T ....n.......
0010: 06 17 8F 39 ...9
]
]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl3.digicert.com/DigiCertGlobalRootG2.crl]
]]
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 64 69 ..https://www.di
0010: 67 69 63 65 72 74 2E 63 6F 6D 2F 43 50 53 gicert.com/CPS
]] ]
]
[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
clientAuth
]
[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Key_CertSign
Crl_Sign
]
[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 94 4F D4 5D 8B E4 A4 E2 A6 80 FE FD D8 F9 00 EF .O.]............
0010: A3 BE 02 57 ...W
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 82 1C 04 3A 82 E9 C5 A9 C8 65 12 5C 08 E3 01 C6 ...:.....e.\....
0010: 30 B0 AE 22 88 61 7B 2B 07 86 F7 B8 B5 44 9C F5 0..".a.+.....D..
...
00F0: 1E 12 78 CE 98 F2 5F FB 30 14 69 3C 2C FA 97 C6 ..x..._.0.i<,...
]
***
%% Invalidated: [Session-2, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
main, SEND TLSv1.2 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1.2 Alert, length = 2
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
main, called close()
main, called closeInternal(true)
15:06:38.804 [main] DEBUG org.springframework.ws.transport.support.TransportUtils - Could not close WebServiceConnection
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
... (see original post above)