I'm getting error in TLS client Authentication "javax.net.ssl.SSLHandshakeException: certificate verify format error"
Question
I'm getting the javax.net.ssl.SSLHandshakeException: certificate verify format error while TLS handshake with server. here are SSL debug logs
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Using SSLEngineImpl.
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - https-jsse-nio-8779-exec-4, READ: TLSv1.2 Handshake, length = 193
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - *** ClientHello, TLSv1.2
RandomCookie: GMT: 1559660269 bytes = { 142, 215, 159, 39, 132, 157, 247, 112, 42, 116, 30, 53, 176, 63, 146, 115, 64, 104, 9, 144, 225, 253, 29, 24, 9, 79, 223, 14716 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - }
Session ID: 16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - {}
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 016 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - }
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Extension ec_point_formats, formats: [uncompressed]
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Extension extended_master_secret
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - ***
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - %% Initialized: [Session-45, SSL_NULL_WITH_NULL_NULL]
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Standard ciphersuite chosen: TLS_RSA_WITH_AES_256_CBC_SHA256
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - %% Negotiating: [Session-45, TLS_RSA_WITH_AES_256_CBC_SHA256]
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - *** ServerHello, TLSv1.2
RandomCookie: GMT: 1559660269 bytes = { 242, 180, 42, 113, 43, 86, 200, 102, 137, 253, 162, 145, 187, 157, 21, 61, 130, 111, 208, 138, 157, 16, 129, 241, 240, 193, 146, 17616 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - }
Session ID: 16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - {93, 247, 135, 237, 209, 173, 47, 114, 241, 119, 34, 69, 70, 196, 75, 234, 36, 154, 91, 17, 112, 132, 181, 19, 98, 186, 93, 162, 120, 177, 207, 186}
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Compression Method: 0
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Extension renegotiation_info, renegotiated_connection: <empty>
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Extension extended_master_secret
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - ***
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - *** Certificate chain
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - chain [0] = [
[
Version: V3
Subject: CN=My Localhost ADSS
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 25321694115940826027322844222767151398219355087620840370782381949637044533164724132334579027146349177201862757727884321886566887933084932826078255329342529203075229639360747320225435927539919958271262386205619115744164722587056483197039366012758728229527965947498559072471739150815119046974855896603220535129326663206119476923239680879939481132433868025132726322570484448532983000315480996021324286663917413807111782428283985474370842459816404568897193923711460682160120829243359185106781208033193689777894503821946347063772447622022145680831197269139638569549625166992413010818436547602019012627384659626390973801577
public exponent: 65537
Validity: [From: Mon Dec 16 18:22:32 PKT 2019,
To: Wed Dec 16 18:22:32 PKT 2020]
Issuer: CN=Ascertia Intermediate CA Custom, O=Ascertia Pvt. Ltd., L=Lahore, ST=Punjab, C=PK
SerialNumber: [ 7eead250 66b641e4 97f9c9ef 7be452ef fddbdd7e]
Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://localhost:8777/adss/ocsp
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 39 55 E3 36 06 31 48 05 64 D0 67 3E 82 42 2B CE 9U.6.1H.d.g>.B+.
0010: 1F 1F 4E F3 ..N.
]
]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://localhost:8777/adss/crls/Ascertia_customCRL.crl]
]]
[5]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
]
[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
]
[7]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
IPAddress: 192.168.0.205
IPAddress: 127.0.0.1
IPAddress: 192.168.3.205
]
[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 6F D0 16 5F 56 B3 8B B3 34 27 33 A7 42 13 62 C6 o.._V...4'3.B.b.
0010: 91 90 0C 17 ....
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 27 58 69 A5 5D 85 48 8B D6 E2 61 64 70 BF BF FF 'Xi.].H...adp...
0010: 4B 49 D9 35 4D 4B ED 0A 46 FC 00 2D 02 6D 39 8A KI.5MK..F..-.m9.
0020: 3D 90 36 8B 75 8C 72 35 35 7C 83 11 1A 8F 6C F5 =.6.u.r55.....l.
0030: B6 3B A3 BF FB AE 6A 7D 15 E9 0F 3A 24 02 A6 8C .;....j....:$...
0040: 7E 7F F2 01 F4 37 AF E1 2A FB 91 38 DE 98 11 3E .....7..*..8...>
0050: 65 F7 1B EB 1C 24 F4 B2 DE 83 88 D8 1E E1 D2 7B e....$..........
0060: C8 A8 24 6F 8E 71 71 AB 44 8C 31 C8 78 63 B6 89 ..$o.qq.D.1.xc..
0070: 35 56 E6 58 A2 91 37 87 C1 2E 00 34 4B 78 82 BF 5V.X..7....4Kx..
0080: 56 AE 75 3E A9 51 DA 74 2F 15 ED 33 7E 37 0F 40 V.u>.Q.t/..3.7.@
0090: 57 88 EE A7 FB 22 A1 A1 96 C4 CE D0 85 DF E7 F0 W...."..........
00A0: 16 1B B1 49 82 2E 83 EC 76 69 9F BC DA 68 57 E9 ...I....vi...hW.
00B0: 6C 44 8D 9B F7 E8 51 E4 0D 65 A4 74 43 0B 77 5B lD....Q..e.tC.w[
00C0: CD 17 75 C1 CC 54 35 91 0D FA C6 FD 03 5A D7 EE ..u..T5......Z..
00D0: 54 F1 5E 2A F7 4E 9F 21 E6 96 06 0B 69 8C 2E 52 T.^*.N.!....i..R
00E0: 95 8B 96 02 63 81 92 5E 7D 69 25 05 E7 8B ED C9 ....c..^.i%.....
00F0: F7 09 EA A0 C8 92 8B 7C 03 70 4A E0 29 99 F5 90 .........pJ.)...
]
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - chain [1] = [
[
Version: V3
Subject: CN=Ascertia Intermediate CA Custom, O=Ascertia Pvt. Ltd., L=Lahore, ST=Punjab, C=PK
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 17120836721984285479272296408497962975611675670410462092346589482645708699013846295238237242821029717464895615515785795235746445055724628811982939123079226425065718947900939247376904345600121827578312641232911297103989802443671997155790898125711439699019566756236895398941206746508960242215727832014780850061382934291008747521244718100036686007862238017564214236264833966284938720233144132249836658488729738460023137619985343778920636172253945037512775972999011910593008201504417908763777416539973626977001673463758214523133023591564240681464129359854814549020570385210205504427021731267144905428750840342816548078383
public exponent: 65537
Validity: [From: Mon Dec 16 15:48:22 PKT 2019,
To: Mon Dec 16 15:48:22 PKT 2024]
Issuer: CN=Ascertia Root CA Custom, O=Ascertia Pvt. Ltd., L=Lahore, STREET=avainda hidalog no 190, OID.2.5.4.17=411400, ST=Punjab, C=PK
SerialNumber: [ 7b565512 eb03a3d5 44203567 42426980 b09b497d]
Certificate Extensions: 6
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[
accessMethod: ocsp
accessLocation: URIName: http://localhost:8777/adss/ocsp
]
]
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 0E 2B 8B 10 A4 B3 51 95 93 E3 85 30 89 F2 5A 79 .+....Q....0..Zy
0010: 50 5C 7A 96 P\z.
]
]
[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://localhost:8777/adss/crls/Ascertia_customCRL]
]]
[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
[6]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 39 55 E3 36 06 31 48 05 64 D0 67 3E 82 42 2B CE 9U.6.1H.d.g>.B+.
0010: 1F 1F 4E F3 ..N.
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 6B BE 19 41 5B 13 F3 BC DF F9 F9 22 1D 0C 65 01 k..A[......"..e.
0010: A5 70 B2 5B 3D D5 5D 77 E9 3E 61 98 C7 B6 A4 CF .p.[=.]w.>a.....
0020: 55 03 55 13 8A A0 CE B9 DB 0E DF 8B 67 1D AE 40 U.U.........g..@
0030: B7 A1 5C 92 B6 6B 4A 7C 17 6B 0B 5F 5D 29 33 B2 ..\..kJ..k._])3.
0040: 9B 52 42 4B 12 FE F3 37 55 5A 70 83 7B 13 83 B8 .RBK...7UZp.....
0050: 6A 68 AA 40 B7 7A 62 BC D0 65 77 E9 25 F5 7C 99 jh.@.zb..ew.%...
0060: 56 AC 63 F5 81 EC 82 5B A9 D1 DF 08 90 6E BC B0 V.c....[.....n..
0070: D8 66 07 4E 49 1D 6C 33 F8 C3 D4 20 32 B9 F4 1A .f.NI.l3... 2...
0080: ED 3F D2 9D 8A 49 75 80 47 0F 0E 60 BE BB ED B8 .?...Iu.G..`....
0090: 8E 1A 87 9D DE C9 DF 54 97 C5 C4 D5 F8 91 4F AC .......T......O.
00A0: 17 04 71 BE CF EC 1D B9 19 C9 2C B9 3F DC 99 AA ..q.......,.?...
00B0: A9 11 F5 F5 8B 43 A4 E7 16 29 49 28 ED 09 F1 40 .....C...)I(...@
00C0: EB A1 F8 DB 2E D0 E2 0C 8C 52 8F 44 A3 66 8B DB .........R.D.f..
00D0: 49 4D 29 13 24 AA 48 40 F0 D4 5B 12 E4 13 8D 56 IM).$.H@..[....V
00E0: DD 03 C1 CE AB 00 80 4F 0A DA 58 C3 77 21 76 E2 .......O..X.w!v.
00F0: C5 FC FE D0 F8 46 2C 66 6C 90 2E 0F E2 66 B5 24 .....F,fl....f.$
]
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - chain [2] = [
[
Version: V3
Subject: CN=Ascertia Root CA Custom, O=Ascertia Pvt. Ltd., L=Lahore, STREET=avainda hidalog no 190, OID.2.5.4.17=411400, ST=Punjab, C=PK
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun RSA public key, 2048 bits
modulus: 16208136824587262525258798862446564639138682340077516121448088198710694068180476857035949208687989200637271448726823800392176591874077687418148928034660804411974036254382611263292171718194880276737353563360522295669459810260761877684723622398673028706281216709680382616853892285425550733790203838936379588252823152260010854139450552754297196317336499033513470297605498259516511313264484595485907739431928841655940421431592374794339740490457234363850089009078070727497315883908643682264432334011595299137029880168931057283711342111484794361507911543096241284204185445339501751771157552475174005501097076407114906440469
public exponent: 65537
Validity: [From: Mon Dec 16 15:41:29 PKT 2019,
To: Mon Dec 16 15:41:29 PKT 2024]
Issuer: CN=Ascertia Root CA Custom, O=Ascertia Pvt. Ltd., L=Lahore, STREET=avainda hidalog no 190, OID.2.5.4.17=411400, ST=Punjab, C=PK
SerialNumber: [ 6091e9a2 eb9db359 48a5110c 6414fa1e 136a0ebf]
Certificate Extensions: 4
[1]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 0E 2B 8B 10 A4 B3 51 95 93 E3 85 30 89 F2 5A 79 .+....Q....0..Zy
0010: 50 5C 7A 96 P\z.
]
]
[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 0E 2B 8B 10 A4 B3 51 95 93 E3 85 30 89 F2 5A 79 .+....Q....0..Zy
0010: 50 5C 7A 96 P\z.
]
]
]
Algorithm: [SHA256withRSA]
Signature:
0000: 2A F5 DE 50 0B 8F 19 32 0C EE 0F AD FA BF 1E B6 *..P...2........
0010: 9A 30 11 AF 0C 98 8F 76 4E 9E 62 F7 B4 33 F9 E0 .0.....vN.b..3..
0020: 43 07 51 64 C4 93 01 E8 99 D5 FA 53 25 E4 EB 3D C.Qd.......S%..=
0030: 9B F2 A9 FA 18 1C 61 79 DA 02 BD A9 25 FC 4D FC ......ay....%.M.
0040: EB 9D 68 5E 20 41 A6 49 89 4D F0 D4 F2 D1 5C DF ..h^ A.I.M....\.
0050: 0E AD 53 5B 7F 7E 2E 4E 24 B4 1B 9A F2 91 F9 8C ..S[...N$.......
0060: 31 74 EE 7C 8B 76 FE 10 A4 AB F7 73 00 74 FC FD 1t...v.....s.t..
0070: 7A D9 F3 E0 70 B9 03 4C 06 5A 63 CF A7 36 F5 1F z...p..L.Zc..6..
0080: 52 B7 DD BA 82 88 D7 ED AD E2 C5 4B FD 2C 12 C6 R..........K.,..
0090: CA 63 C6 F1 0E 5D 6F 47 72 6E A8 7B ED 89 72 F9 .c...]oGrn....r.
00A0: 25 0A 3A 21 AC F6 78 C6 DF 19 37 D2 04 30 2F 73 %.:!..x...7..0/s
00B0: CC FA C4 49 9D 3C 07 C1 27 73 F7 A7 8A 59 CF 9F ...I.<..'s...Y..
00C0: 95 03 E4 F5 02 E7 ED 77 96 4B 5B B1 4A 3E 04 A7 .......w.K[.J>..
00D0: 33 5D 96 6E 9A 2A BF 17 72 E7 DC 87 C1 B6 13 F6 3].n.*..r.......
00E0: A5 36 F2 04 EF 9D B5 8B E9 86 93 23 DA 52 DD D1 .6.........#.R..
00F0: B4 FF E9 1F D3 FB CC 02 D4 D5 8F BA 95 89 A0 4B ...............K
]
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - ***
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - *** CertificateRequest
Cert Types: RSA, DSS, ECDSA
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Cert Authorities:
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - <CN=ADSS Default Root CA, OU=Ascertia Software Distribution, O=Ascertia Limited, C=GB>
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - <CN=Ascertia Root CA Custom, O=Ascertia Pvt. Ltd., L=Lahore, STREET=avainda hidalog no 190, OID.2.5.4.17=411400, ST=Punjab, C=PK>
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - <CN=Ascertia Intermediate CA Custom, O=Ascertia Pvt. Ltd., L=Lahore, ST=Punjab, C=PK>
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - *** ServerHelloDone
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - https-jsse-nio-8779-exec-4, WRITE: TLSv1.2 Handshake, length = 3875
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - https-jsse-nio-8779-exec-5, READ: TLSv1.2 Handshake, length = 3583
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - *** Certificate chain
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - chain [0] = Version: 3
Serial number: 551317074654428483252757425318192578659932049087
Serial number (hex): 0x6091e9a2eb9db35948a5110c6414fa1e136a0ebf
Signature algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
Issuer: CN=Ascertia Root CA Custom,O=Ascertia Pvt. Ltd.,L=Lahore,STREET=avainda hidalog no 190,postalCode=411400,ST=Punjab,C=PK
Valid not before: Mon Dec 16 15:41:29 PKT 2019
not after: Mon Dec 16 15:41:29 PKT 2024
Subject: CN=Ascertia Root CA Custom,O=Ascertia Pvt. Ltd.,L=Lahore,STREET=avainda hidalog no 190,postalCode=411400,ST=Punjab,C=PK
RSA public key (2048 bits):
public exponent: 10001
modulus: 8064a723aa65e30b2ed8e51181dd08f74bb98f29e3090c987ebba889fe9b3f1de141e40238e635b9a5227a552f661bba702f040feee5d4e013ffd495822d9853f45b6a26fa94f34d59e8ab2f4762c246ccc9b590a27180d897b6a2ed48ec02ca34163fdf455533d7c910f8fa79552a16fdf572fb26feec1e548cfbd3b39e535cefb07bde6910c425c2513f5525000aeb77922a112de46aa04dd9c512d600548600fa0d74732fff7523206842f24ba675c0279d9df7ca74c157417559f50cf397f1398978293fca454f504c90f08c19e2c46d70331f883472d668ea74595c152eb43d1ad2c7806a2dc430808606ea5f79df642d4877e5b34c07aeb7bb6f539315
Certificate Fingerprint (MD5) : 22:5A:7B:59:90:8B:3C:E7:AD:73:C8:02:60:D9:58:B6
Certificate Fingerprint (SHA-1): E7:D2:B9:99:6A:68:EF:43:68:17:EE:9B:E0:03:DA:A3:32:93:BC:BF
Extensions: 4
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - chain [1] = Version: 3
Serial number: 704131139880180178098184837972955135766186117501
Serial number (hex): 0x7b565512eb03a3d54420356742426980b09b497d
Signature algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
Issuer: CN=Ascertia Root CA Custom,O=Ascertia Pvt. Ltd.,L=Lahore,STREET=avainda hidalog no 190,postalCode=411400,ST=Punjab,C=PK
Valid not before: Mon Dec 16 15:48:22 PKT 2019
not after: Mon Dec 16 15:48:22 PKT 2024
Subject: CN=Ascertia Intermediate CA Custom,O=Ascertia Pvt. Ltd.,L=Lahore,ST=Punjab,C=PK
RSA public key (2048 bits):
public exponent: 10001
modulus: 879f86d6540eec84c5b4e260a10668ef0225c96250ac2c716b26ace957ef2eb803a66f2227a579a774d085a12482bb9876e6d4d3b5aec68ddbb21b0ca3d1e9416444af9e5ba0f31fbb756d61068c3a25a77ddb6341d8ce15cd7cf7e41f5ce4ef3cfbc1e3f23f8bde156df1b937840b7d3f24568300dd3e4c31d5af7e02bcdb02da71daab28e4c12053558816f8ea7363047d8e4b35d87e932b16e98d9d1220cb170c87a26b18156c83b39be2b50ba458e460f0280c30d3f5b462bd6359d7b700d1b8b900cc687bead96be87b0ee997dc39a38325de82ff6b6ed4b237cb966be8fa2a46d4648c307c987a11a1947ad3bef3c6e322da589c47c3454b7ae15e432f
Certificate Fingerprint (MD5) : 9D:D2:70:F2:C4:FF:5F:A7:FE:6C:DB:6F:02:64:EE:FD
Certificate Fingerprint (SHA-1): C5:36:1C:DB:FA:C4:5A:6D:2A:D1:26:B1:F6:FF:ED:B6:98:2C:63:2F
Extensions: 6
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - chain [2] = Version: 3
Serial number: 322385529041847466910711876846708119045052612154
Serial number (hex): 0x3878446070597d76e6964e1d9367cc575a04be3a
Signature algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
Issuer: CN=Ascertia Intermediate CA Custom,O=Ascertia Pvt. Ltd.,L=Lahore,ST=Punjab,C=PK
Valid not before: Mon Dec 16 18:24:00 PKT 2019
not after: Wed Dec 16 18:24:00 PKT 2020
Subject: CN=ADSS sample client
RSA public key (2048 bits):
public exponent: 10001
modulus: 81c37623cdff782527e1a3dc5b9447a64cea1dc0160c3fa24ffb1e07ba4a668b1b82927dc5aa54ab8b6d53d2797248e3e2ae23e19ffb2f65dd454d51d2e6fdf70af085ec0660ccd3902ce78d0cb16bc072438599b444bd472f82bd0d5b4a26031cf4d47af5bf2acc0d2ae309e54367d11a4829c1071fb545d11ed699ea2ecc6c77380dac560abf272cf85fa4426fac8b7392a98cecbe2979f50ed61615d4ca6a9144426ccb2723f10ef41b118c1f28106f8bc8f083ce2567f29457558ca2c795f94340b7ec3bcebbd5a41e6adc45707b5865ad603819128c3fa0db07f37b65e928b285cf13815b4e4396bd915c824f794ac5dc0a8a41602c1dc17f22603636bf
Certificate Fingerprint (MD5) : BD:F2:89:54:9F:4B:C9:32:72:52:FA:9F:4F:7E:3C:E3
Certificate Fingerprint (SHA-1): 72:64:8F:B5:59:49:50:1B:FC:E4:CC:55:F1:9A:F4:83:D5:15:61:8D
Extensions: 7
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - ***
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Found trusted certificate:
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Version: 3
Serial number: 551317074654428483252757425318192578659932049087
Serial number (hex): 0x6091e9a2eb9db35948a5110c6414fa1e136a0ebf
Signature algorithm: sha256WithRSAEncryption (1.2.840.113549.1.1.11)
Issuer: CN=Ascertia Root CA Custom,O=Ascertia Pvt. Ltd.,L=Lahore,STREET=avainda hidalog no 190,postalCode=411400,ST=Punjab,C=PK
Valid not before: Mon Dec 16 15:41:29 PKT 2019
not after: Mon Dec 16 15:41:29 PKT 2024
Subject: CN=Ascertia Root CA Custom,O=Ascertia Pvt. Ltd.,L=Lahore,STREET=avainda hidalog no 190,postalCode=411400,ST=Punjab,C=PK
RSA public key (2048 bits):
public exponent: 10001
modulus: 8064a723aa65e30b2ed8e51181dd08f74bb98f29e3090c987ebba889fe9b3f1de141e40238e635b9a5227a552f661bba702f040feee5d4e013ffd495822d9853f45b6a26fa94f34d59e8ab2f4762c246ccc9b590a27180d897b6a2ed48ec02ca34163fdf455533d7c910f8fa79552a16fdf572fb26feec1e548cfbd3b39e535cefb07bde6910c425c2513f5525000aeb77922a112de46aa04dd9c512d600548600fa0d74732fff7523206842f24ba675c0279d9df7ca74c157417559f50cf397f1398978293fca454f504c90f08c19e2c46d70331f883472d668ea74595c152eb43d1ad2c7806a2dc430808606ea5f79df642d4877e5b34c07aeb7bb6f539315
Certificate Fingerprint (MD5) : 22:5A:7B:59:90:8B:3C:E7:AD:73:C8:02:60:D9:58:B6
Certificate Fingerprint (SHA-1): E7:D2:B9:99:6A:68:EF:43:68:17:EE:9B:E0:03:DA:A3:32:93:BC:BF
Extensions: 4
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - *** ClientKeyExchange, RSA PreMasterSecret, TLSv1.2
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - SESSION KEYGEN:
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - PreMaster Secret:
0000: 03 03 59 F9 C0 D5 09 52 88 6F B3 A4 CB E8 04 8D ..Y....R.o......
0010: 2F C6 8E B6 13 10 E9 30 AE 68 A0 C9 A4 A6 05 1F /......0.h......
0020: F9 00 28 38 B2 89 A4 2E CD 33 C4 14 8F 09 62 B5 ..(8.....3....b.
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - CONNECTION KEYGEN:
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Client Nonce:
0000: 5D F7 87 ED 8E D7 9F 27 84 9D F7 70 2A 74 1E 35 ]......'...p*t.5
0010: B0 3F 92 73 40 68 09 90 E1 FD 1D 18 09 4F DF 93 .?.s@h.......O..
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Server Nonce:
0000: 5D F7 87 ED F2 B4 2A 71 2B 56 C8 66 89 FD A2 91 ].....*q+V.f....
0010: BB 9D 15 3D 82 6F D0 8A 9D 10 81 F1 F0 C1 92 B0 ...=.o..........
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Master Secret:
0000: 05 C2 68 53 B6 38 73 86 F6 35 62 6A 80 70 38 48 ..hS.8s..5bj.p8H
0010: BC 66 F4 B2 F4 20 EF 0B 98 41 6D 80 22 84 C0 0E .f... ...Am."...
0020: C8 2F 65 B5 D4 8A C7 52 0D CE 7B BD 8B 14 27 68 ./e....R......'h
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Client MAC write Secret:
0000: C3 FF 95 0C 32 89 10 85 DF E5 75 14 14 CD 76 2E ....2.....u...v.
0010: 33 5E 30 77 64 D8 83 AB A1 B5 32 F0 EE 32 18 01 3^0wd.....2..2..
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Server MAC write Secret:
0000: 68 CB A3 A0 C7 5B D6 41 64 83 11 2A E7 C3 46 65 h....[.Ad..*..Fe
0010: 43 C0 8D 35 7C 43 EF F8 37 30 46 6F 1D A7 20 FB C..5.C..70Fo.. .
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Client write key:
0000: 97 7B 34 82 EB 5B 3A 92 40 1B 98 C0 A3 A7 7B E9 ..4..[:.@.......
0010: 3E 4E 1F F0 0B F8 07 1D 71 62 FF 15 07 D5 61 74 >N......qb....at
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Server write key:
0000: BD F2 A3 56 D4 0F 86 F0 4D 27 66 9F 80 20 F7 1B ...V....M'f.. ..
0010: 17 3B CE 44 B8 B7 03 F6 51 D8 52 36 6F E4 B6 24 .;.D....Q.R6o..$
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - ... no IV derived for this protocol
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - https-jsse-nio-8779-exec-6, READ: TLSv1.2 Handshake, length = 264
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - *** CertificateVerify
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - Signature Algorithm SHA512withRSA
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - https-jsse-nio-8779-exec-6, fatal error: 42: certificate verify format error
java.security.SignatureException: Signature decryption error: javax.crypto.BadPaddingException: Invalid padding!
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - %% Invalidated: [Session-45, TLS_RSA_WITH_AES_256_CBC_SHA256]
https-jsse-nio-8779-exec-6, SEND TLSv1.2 ALERT: fatal, 16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - description = bad_certificate
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - https-jsse-nio-8779-exec-6, WRITE: TLSv1.2 Alert, length = 2
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - https-jsse-nio-8779-exec-6, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: certificate verify format error
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - https-jsse-nio-8779-exec-6, called closeOutbound()
16 Dec 2019 18:34:37 INFO com.ascertia.adss.logger.trash - https-jsse-nio-8779-exec-6, closeOutboundInternal()
I have checked trust on server and also added the trust authrities in SSLContext on client side. I have searched for solution every where but cannot get any solution.
1 answers
solution1
0 2019-12-16 20:42:32
Moieen, the ssl debug logs show the reason for bad certificate
java.security.SignatureException: Signature decryption error: javax.crypto.BadPaddingException: Invalid padding!
Unexplained BadPaddingException has been reported for various jre versions, bumping it up might solve your problem.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
Debian SSL certificates ERROR: cannot verify xxx certificate / javax.net.ssl.SSLHandshakeException
SSL handshake error javax.net.ssl.SSLHandshakeException Received fatal alert bad_certificate
Error in Java 8: 'javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.h: Certificate chaining error'
ERROR﹕ javax.net.ssl.SSLHandshakeException, failure in SSL library?
javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate- Java Error
java JNLP error: javax.net.ssl.SSLHandshakeException
How to solve javax.net.ssl.SSLHandshakeException Error?
Android C2DM: Could not verify SSL certificate javax.net.ssl.SSLHandshakeException
HTTP transport error: javax.net.ssl.SSLHandshakeException
javax.net.ssl.SSLHandshakeException: null cert chain java error
Related Tags