Last active
March 31, 2017 03:41
-
-
Save germanattanasio/3f0e7458328e817b4e63952ffaa93da2 to your computer and use it in GitHub Desktop.
IBM JDK and SSL context
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Copy this class in the java-sdk/text-to-speech/src/main/java/com/ibm/watson/developer_cloud/text_to_speech/v1/ folder | |
| package com.ibm.watson.developer_cloud.text_to_speech.v1; | |
| import java.util.List; | |
| import com.ibm.watson.developer_cloud.text_to_speech.v1.model.Voice; | |
| public class Example { | |
| public static void main(String[] args) { | |
| TextToSpeech service = new TextToSpeech(); | |
| service.setUsernameAndPassword("xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx", "xxxxxxxxx"); | |
| service.setEndPoint("https://stream.watsonplatform.net/text-to-speech/api"); | |
| List<Voice> voices = service.getVoices().execute(); | |
| System.out.println(voices); | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # 1. Clone the java-sdk | |
| git clone https://github.com/watson-developer-cloud/java-sdk | |
| cd java-sdk | |
| # 2. Replace java-sdk/core/src/main/java/com/ibm/watson/developer_cloud/service/WatsonService.java | |
| # 3. Copy Example.java in the java-sdk/text-to-speech/src/main/java/com/ibm/watson/developer_cloud/text_to_speech/v1/ folder | |
| # Update the service credentials for Text To Speech | |
| # 4. From the java-sdk root folder, generate the new jar with dependencies using gradle | |
| gradle assemble | |
| # 5. Run the IBM JDK docker image with the Example.java class, make sure you update {Users/germana/workspace} to point | |
| # to where you | |
| docker run \ | |
| -v "`pwd`/java-sdk/build/libs:/sdk" \ | |
| ibmcom/ibmjava:8-sdk \ | |
| java \ | |
| -cp /sdk/java-sdk-3.6.1-SNAPSHOT-jar-with-dependencies.jar \ | |
| com.ibm.watson.developer_cloud.text_to_speech.v1.Example |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Replace java-sdk/core/src/main/java/com/ibm/watson/developer_cloud/service/WatsonService.java | |
| package com.ibm.watson.developer_cloud.service; | |
| import java.io.IOException; | |
| import java.net.CookieManager; | |
| import java.net.CookiePolicy; | |
| import java.net.InetAddress; | |
| import java.net.Socket; | |
| import java.security.KeyManagementException; | |
| import java.security.KeyStore; | |
| import java.security.KeyStoreException; | |
| import java.security.NoSuchAlgorithmException; | |
| import java.util.Arrays; | |
| import java.util.Map; | |
| import java.util.concurrent.TimeUnit; | |
| import java.util.logging.Level; | |
| import java.util.logging.Logger; | |
| import javax.net.ssl.SSLContext; | |
| import javax.net.ssl.SSLSocket; | |
| import javax.net.ssl.SSLSocketFactory; | |
| import javax.net.ssl.TrustManager; | |
| import javax.net.ssl.TrustManagerFactory; | |
| import javax.net.ssl.X509TrustManager; | |
| import com.google.gson.JsonObject; | |
| import com.ibm.watson.developer_cloud.http.HttpHeaders; | |
| import com.ibm.watson.developer_cloud.http.HttpMediaType; | |
| import com.ibm.watson.developer_cloud.http.HttpStatus; | |
| import com.ibm.watson.developer_cloud.http.RequestBuilder; | |
| import com.ibm.watson.developer_cloud.http.ResponseConverter; | |
| import com.ibm.watson.developer_cloud.http.ServiceCall; | |
| import com.ibm.watson.developer_cloud.http.ServiceCallback; | |
| import com.ibm.watson.developer_cloud.service.exception.BadRequestException; | |
| import com.ibm.watson.developer_cloud.service.exception.ConflictException; | |
| import com.ibm.watson.developer_cloud.service.exception.ForbiddenException; | |
| import com.ibm.watson.developer_cloud.service.exception.InternalServerErrorException; | |
| import com.ibm.watson.developer_cloud.service.exception.NotFoundException; | |
| import com.ibm.watson.developer_cloud.service.exception.RequestTooLargeException; | |
| import com.ibm.watson.developer_cloud.service.exception.ServiceResponseException; | |
| import com.ibm.watson.developer_cloud.service.exception.ServiceUnavailableException; | |
| import com.ibm.watson.developer_cloud.service.exception.TooManyRequestsException; | |
| import com.ibm.watson.developer_cloud.service.exception.UnauthorizedException; | |
| import com.ibm.watson.developer_cloud.service.exception.UnsupportedException; | |
| import com.ibm.watson.developer_cloud.util.CredentialUtils; | |
| import com.ibm.watson.developer_cloud.util.RequestUtils; | |
| import com.ibm.watson.developer_cloud.util.ResponseConverterUtils; | |
| import com.ibm.watson.developer_cloud.util.ResponseUtils; | |
| import jersey.repackaged.jsr166e.CompletableFuture; | |
| import okhttp3.Call; | |
| import okhttp3.Callback; | |
| import okhttp3.Credentials; | |
| import okhttp3.Headers; | |
| import okhttp3.HttpUrl; | |
| import okhttp3.JavaNetCookieJar; | |
| import okhttp3.OkHttpClient; | |
| import okhttp3.Request; | |
| import okhttp3.Request.Builder; | |
| import okhttp3.Response; | |
| import okhttp3.TlsVersion; | |
| /** | |
| * Watson service abstract common functionality of various Watson Services. It handle authentication and default url | |
| * | |
| * @see <a href="http://www.ibm.com/watson/developercloud/"> IBM Watson Developer Cloud</a> | |
| */ | |
| public abstract class WatsonService { | |
| private static final String URL = "url"; | |
| private static final String PATH_AUTHORIZATION_V1_TOKEN = "/v1/token"; | |
| private static final String AUTHORIZATION = "authorization"; | |
| private static final String MESSAGE_ERROR_3 = "message"; | |
| private static final String MESSAGE_ERROR_2 = "error_message"; | |
| private static final String BASIC = "Basic "; | |
| private static final Logger LOG = Logger.getLogger(WatsonService.class.getName()); | |
| private String apiKey; | |
| private final OkHttpClient client; | |
| private String endPoint; | |
| private final String name; | |
| /** The default headers. */ | |
| protected Headers defaultHeaders = null; | |
| /** The skip authentication. */ | |
| protected boolean skipAuthentication = false; | |
| /** The Constant MESSAGE_CODE. */ | |
| protected static final String MESSAGE_CODE = "code"; | |
| /** The Constant MESSAGE_ERROR. */ | |
| protected static final String MESSAGE_ERROR = "error"; | |
| /** The Constant VERSION. */ | |
| protected static final String VERSION = "version"; | |
| /** | |
| * Instantiates a new Watson service. | |
| * | |
| * @param name the service name | |
| */ | |
| public WatsonService(String name) { | |
| this.name = name; | |
| apiKey = CredentialUtils.getAPIKey(name); | |
| client = configureHttpClient(); | |
| String url = CredentialUtils.getAPIUrl(name); | |
| if ((url != null) && !url.isEmpty()) { | |
| // The VCAP_SERVICES will typically contain a url. If present use it. | |
| setEndPoint(url); | |
| } | |
| } | |
| /** | |
| * Configures the HTTP client. | |
| * | |
| * @return the HTTP client | |
| */ | |
| protected OkHttpClient configureHttpClient() { | |
| final OkHttpClient.Builder builder = new OkHttpClient.Builder(); | |
| // TODO: remove this once Okhttp release the the fix for https://github.com/square/okhttp/issues/3173 | |
| workaroundForIBMJDK(builder); | |
| final CookieManager cookieManager = new CookieManager(); | |
| cookieManager.setCookiePolicy(CookiePolicy.ACCEPT_ALL); | |
| builder.cookieJar(new JavaNetCookieJar(cookieManager)); | |
| builder.connectTimeout(60, TimeUnit.SECONDS); | |
| builder.writeTimeout(60, TimeUnit.SECONDS); | |
| builder.readTimeout(90, TimeUnit.SECONDS); | |
| return builder.build(); | |
| } | |
| /** | |
| * This is a workaround to fix the IBM JDK which prefix SSL | |
| * This is being tracked here: https://github.com/watson-developer-cloud/java-sdk/issues/603 | |
| * | |
| * @param builder the HTTP Client builder | |
| */ | |
| private void workaroundForIBMJDK(final OkHttpClient.Builder builder) { | |
| try { | |
| TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance( | |
| TrustManagerFactory.getDefaultAlgorithm()); | |
| trustManagerFactory.init((KeyStore) null); | |
| TrustManager[] trustManagers = trustManagerFactory.getTrustManagers(); | |
| if (trustManagers.length != 1 || !(trustManagers[0] instanceof X509TrustManager)) { | |
| throw new IllegalStateException("Unexpected default trust managers:" | |
| + Arrays.toString(trustManagers)); | |
| } | |
| X509TrustManager trustManager = (X509TrustManager) trustManagers[0]; | |
| SSLContext sslContext = SSLContext.getInstance("TLS"); | |
| sslContext.init(null, new TrustManager[] {trustManager}, null); | |
| SSLSocketFactory sslSocketFactory | |
| = new DelegatingSSLSocketFactory(sslContext.getSocketFactory()) { | |
| @Override protected SSLSocket configureSocket(SSLSocket socket) throws IOException { | |
| socket.setEnabledProtocols(new String[] { | |
| TlsVersion.TLS_1_0.javaName(), | |
| TlsVersion.TLS_1_1.javaName(), | |
| TlsVersion.TLS_1_2.javaName() | |
| }); | |
| return socket; | |
| } | |
| }; | |
| builder.sslSocketFactory(sslSocketFactory, trustManager); | |
| } catch (NoSuchAlgorithmException e) { | |
| LOG.log(Level.SEVERE, "The cryptographic algorithm requested is not available in the environment.", e); | |
| } catch (KeyStoreException e) { | |
| LOG.log(Level.SEVERE, "Error using the keystore.", e); | |
| } catch (KeyManagementException e) { | |
| LOG.log(Level.SEVERE, "Error initializing the SSL Context.", e); | |
| } | |
| } | |
| /** | |
| * Execute the HTTP request. Okhttp3 compliant. | |
| * | |
| * @param request the HTTP request | |
| * | |
| * @return the HTTP response | |
| */ | |
| private Call createCall(Request request) { | |
| final Request.Builder builder = request.newBuilder(); | |
| if (RequestUtils.isRelative(request)) { | |
| builder.url(RequestUtils.replaceEndPoint(request.url().toString(), getEndPoint())); | |
| } | |
| String userAgent = RequestUtils.getUserAgent(); | |
| if (defaultHeaders != null) { | |
| for (String key : defaultHeaders.names()) { | |
| builder.header(key, defaultHeaders.get(key)); | |
| } | |
| if (defaultHeaders.get(HttpHeaders.USER_AGENT) != null) { | |
| userAgent += " " + defaultHeaders.get(HttpHeaders.USER_AGENT); | |
| } | |
| } | |
| builder.header(HttpHeaders.USER_AGENT, userAgent); | |
| setAuthentication(builder); | |
| final Request newRequest = builder.build(); | |
| return client.newCall(newRequest); | |
| } | |
| /** | |
| * Creates the service call. | |
| * | |
| * @param <T> the generic type | |
| * @param request the request | |
| * @param converter the converter | |
| * @return the service call | |
| */ | |
| protected final <T> ServiceCall<T> createServiceCall(final Request request, final ResponseConverter<T> converter) { | |
| final Call call = createCall(request); | |
| return new ServiceCall<T>() { | |
| @Override | |
| public T execute() { | |
| try { | |
| Response response = call.execute(); | |
| return processServiceCall(converter, response); | |
| } catch (IOException e) { | |
| throw new RuntimeException(e); | |
| } | |
| } | |
| @Override | |
| public void enqueue(final ServiceCallback<? super T> callback) { | |
| call.enqueue(new Callback() { | |
| @Override | |
| public void onFailure(Call call, IOException e) { | |
| callback.onFailure(e); | |
| } | |
| @Override | |
| public void onResponse(Call call, Response response) { | |
| try { | |
| callback.onResponse(processServiceCall(converter, response)); | |
| } catch (Exception e) { | |
| callback.onFailure(e); | |
| } | |
| } | |
| }); | |
| } | |
| @Override | |
| public CompletableFuture<T> rx() { | |
| final CompletableFuture<T> completableFuture = new CompletableFuture<T>(); | |
| call.enqueue(new Callback() { | |
| @Override | |
| public void onFailure(Call call, IOException e) { | |
| completableFuture.completeExceptionally(e); | |
| } | |
| @Override | |
| public void onResponse(Call call, Response response) { | |
| try { | |
| completableFuture.complete(processServiceCall(converter, response)); | |
| } catch (Exception e) { | |
| completableFuture.completeExceptionally(e); | |
| } | |
| } | |
| }); | |
| return completableFuture; | |
| } | |
| @Override | |
| protected void finalize() throws Throwable { | |
| super.finalize(); | |
| if (!call.isExecuted()) { | |
| final Request r = call.request(); | |
| LOG.warning(r.method() + " request to " + r.url() + " has not been sent. Did you forget to call execute()?"); | |
| } | |
| } | |
| }; | |
| } | |
| /** | |
| * Gets the API key. | |
| * | |
| * | |
| * @return the API key | |
| */ | |
| protected String getApiKey() { | |
| return apiKey; | |
| } | |
| /** | |
| * Gets the API end point. | |
| * | |
| * | |
| * @return the API end point | |
| */ | |
| public String getEndPoint() { | |
| return endPoint; | |
| } | |
| /** | |
| * Gets an authorization token that can be use to authorize API calls. | |
| * | |
| * | |
| * @return the token | |
| */ | |
| public ServiceCall<String> getToken() { | |
| HttpUrl url = HttpUrl.parse(getEndPoint()).newBuilder().setPathSegment(0, AUTHORIZATION).build(); | |
| Request request = RequestBuilder.get(url + PATH_AUTHORIZATION_V1_TOKEN) | |
| .header(HttpHeaders.ACCEPT, HttpMediaType.TEXT_PLAIN).query(URL, getEndPoint()).build(); | |
| return createServiceCall(request, ResponseConverterUtils.getString()); | |
| } | |
| /** | |
| * Gets the error message from a JSON response. | |
| * | |
| * <pre> | |
| * { | |
| * code: 400 | |
| * error: 'bad request' | |
| * } | |
| * </pre> | |
| * | |
| * @param response the HTTP response | |
| * @return the error message from the JSON object | |
| */ | |
| private String getErrorMessage(Response response) { | |
| String error = ResponseUtils.getString(response); | |
| try { | |
| final JsonObject jsonObject = ResponseUtils.getJsonObject(error); | |
| if (jsonObject.has(MESSAGE_ERROR)) { | |
| error = jsonObject.get(MESSAGE_ERROR).getAsString(); | |
| } else if (jsonObject.has(MESSAGE_ERROR_2)) { | |
| error = jsonObject.get(MESSAGE_ERROR_2).getAsString(); | |
| } else if (jsonObject.has(MESSAGE_ERROR_3)) { | |
| error = jsonObject.get(MESSAGE_ERROR_3).getAsString(); | |
| } | |
| } catch (final Exception e) { | |
| // Ignore any kind of exception parsing the json and use fallback String version of response | |
| } | |
| return error; | |
| } | |
| /** | |
| * Gets the name. | |
| * | |
| * @return the name | |
| */ | |
| public String getName() { | |
| return name; | |
| } | |
| /** | |
| * Sets the API key. | |
| * | |
| * @param apiKey the new API key | |
| */ | |
| public void setApiKey(String apiKey) { | |
| this.apiKey = apiKey; | |
| } | |
| /** | |
| * Sets the authentication. Okhttp3 compliant. | |
| * | |
| * @param builder the new authentication | |
| */ | |
| protected void setAuthentication(Builder builder) { | |
| if (getApiKey() == null) { | |
| if (skipAuthentication) { | |
| return; // chosen to skip authentication with the service | |
| } | |
| throw new IllegalArgumentException("apiKey or username and password were not specified"); | |
| } | |
| builder.addHeader(HttpHeaders.AUTHORIZATION, apiKey.startsWith(BASIC) ? apiKey : BASIC + apiKey); | |
| } | |
| /** | |
| * Sets the end point. | |
| * | |
| * @param endPoint the new end point | |
| */ | |
| public void setEndPoint(final String endPoint) { | |
| if ((endPoint != null) && !endPoint.isEmpty() && endPoint.endsWith("/")) { | |
| this.endPoint = endPoint.substring(0, endPoint.length() - 1); | |
| } else { | |
| this.endPoint = endPoint; | |
| } | |
| } | |
| /** | |
| * Sets the username and password. | |
| * | |
| * @param username the username | |
| * @param password the password | |
| */ | |
| public void setUsernameAndPassword(String username, String password) { | |
| apiKey = Credentials.basic(username, password); | |
| } | |
| /** | |
| * Set the default headers to be used on every HTTP request. | |
| * | |
| * @param headers name value pairs of headers | |
| */ | |
| public void setDefaultHeaders(Map<String, String> headers) { | |
| if (headers == null) { | |
| defaultHeaders = null; | |
| } else { | |
| defaultHeaders = Headers.of(headers); | |
| } | |
| } | |
| /* | |
| * (non-Javadoc) | |
| * | |
| * @see java.lang.Object#toString() | |
| */ | |
| @Override | |
| public String toString() { | |
| final StringBuilder builder = new StringBuilder().append(name).append(" ["); | |
| if (endPoint != null) { | |
| builder.append("endPoint=").append(endPoint); | |
| } | |
| return builder.append(']').toString(); | |
| } | |
| /** | |
| * Process service call. | |
| * | |
| * @param <T> the generic type | |
| * @param converter the converter | |
| * @param response the response | |
| * @return the t | |
| */ | |
| protected <T> T processServiceCall(final ResponseConverter<T> converter, Response response) { | |
| if (response.isSuccessful()) { | |
| return converter.convert(response); | |
| } | |
| // There was a Client Error 4xx or a Server Error 5xx | |
| // Get the error message and create the exception | |
| final String error = getErrorMessage(response); | |
| LOG.log(Level.SEVERE, response.request().method() + " " + response.request().url().toString() + ", status: " | |
| + response.code() + ", error: " + error); | |
| switch (response.code()) { | |
| case HttpStatus.BAD_REQUEST: // HTTP 400 | |
| throw new BadRequestException(error != null ? error : "Bad Request", response); | |
| case HttpStatus.UNAUTHORIZED: // HTTP 401 | |
| throw new UnauthorizedException("Unauthorized: Access is denied due to invalid credentials", response); | |
| case HttpStatus.FORBIDDEN: // HTTP 403 | |
| throw new ForbiddenException(error != null ? error : "Forbidden: Service refuse the request", response); | |
| case HttpStatus.NOT_FOUND: // HTTP 404 | |
| throw new NotFoundException(error != null ? error : "Not found", response); | |
| case HttpStatus.NOT_ACCEPTABLE: // HTTP 406 | |
| throw new ForbiddenException(error != null ? error : "Forbidden: Service refuse the request", response); | |
| case HttpStatus.CONFLICT: // HTTP 409 | |
| throw new ConflictException(error != null ? error : "", response); | |
| case HttpStatus.REQUEST_TOO_LONG: // HTTP 413 | |
| throw new RequestTooLargeException(error != null ? error | |
| : "Request too large: " + "The request entity is larger than the server is able to process", response); | |
| case HttpStatus.UNSUPPORTED_MEDIA_TYPE: // HTTP 415 | |
| throw new UnsupportedException(error != null ? error : "Unsupported Media Type", response); | |
| case HttpStatus.TOO_MANY_REQUESTS: // HTTP 429 | |
| throw new TooManyRequestsException(error != null ? error : "Too many requests", response); | |
| case HttpStatus.INTERNAL_SERVER_ERROR: // HTTP 500 | |
| throw new InternalServerErrorException(error != null ? error : "Internal Server Error", response); | |
| case HttpStatus.SERVICE_UNAVAILABLE: // HTTP 503 | |
| throw new ServiceUnavailableException(error != null ? error : "Service Unavailable", response); | |
| default: // other errors | |
| throw new ServiceResponseException(response.code(), error, response); | |
| } | |
| } | |
| /** | |
| * Sets the skip authentication. | |
| * | |
| * @param skipAuthentication the new skip authentication | |
| */ | |
| public void setSkipAuthentication(boolean skipAuthentication) { | |
| this.skipAuthentication = skipAuthentication; | |
| } | |
| /** | |
| * An SSL socket factory that forwards all calls to a delegate. Override {@link #configureSocket} | |
| * to customize a created socket before it is returned. | |
| */ | |
| public class DelegatingSSLSocketFactory extends SSLSocketFactory { | |
| /** The delegate. */ | |
| protected final SSLSocketFactory delegate; | |
| /** | |
| * Instantiates a new delegating SSL socket factory. | |
| * | |
| * @param delegate the delegate | |
| */ | |
| public DelegatingSSLSocketFactory(SSLSocketFactory delegate) { | |
| this.delegate = delegate; | |
| } | |
| /* (non-Javadoc) | |
| * @see javax.net.ssl.SSLSocketFactory#getDefaultCipherSuites() | |
| */ | |
| @Override public String[] getDefaultCipherSuites() { | |
| return delegate.getDefaultCipherSuites(); | |
| } | |
| /* (non-Javadoc) | |
| * @see javax.net.ssl.SSLSocketFactory#getSupportedCipherSuites() | |
| */ | |
| @Override public String[] getSupportedCipherSuites() { | |
| return delegate.getSupportedCipherSuites(); | |
| } | |
| /* (non-Javadoc) | |
| * @see javax.net.ssl.SSLSocketFactory#createSocket(java.net.Socket, java.lang.String, int, boolean) | |
| */ | |
| @Override public Socket createSocket( | |
| Socket socket, String host, int port, boolean autoClose) throws IOException { | |
| return configureSocket((SSLSocket) delegate.createSocket(socket, host, port, autoClose)); | |
| } | |
| /* (non-Javadoc) | |
| * @see javax.net.SocketFactory#createSocket(java.lang.String, int) | |
| */ | |
| @Override public Socket createSocket(String host, int port) throws IOException { | |
| return configureSocket((SSLSocket) delegate.createSocket(host, port)); | |
| } | |
| /* (non-Javadoc) | |
| * @see javax.net.SocketFactory#createSocket(java.lang.String, int, java.net.InetAddress, int) | |
| */ | |
| @Override public Socket createSocket( | |
| String host, int port, InetAddress localHost, int localPort) throws IOException { | |
| return configureSocket((SSLSocket) delegate.createSocket(host, port, localHost, localPort)); | |
| } | |
| /* (non-Javadoc) | |
| * @see javax.net.SocketFactory#createSocket(java.net.InetAddress, int) | |
| */ | |
| @Override public Socket createSocket(InetAddress host, int port) throws IOException { | |
| return configureSocket((SSLSocket) delegate.createSocket(host, port)); | |
| } | |
| /* (non-Javadoc) | |
| * @see javax.net.SocketFactory#createSocket(java.net.InetAddress, int, java.net.InetAddress, int) | |
| */ | |
| @Override public Socket createSocket( | |
| InetAddress address, int port, InetAddress localAddress, int localPort) throws IOException { | |
| return configureSocket((SSLSocket) delegate.createSocket( | |
| address, port, localAddress, localPort)); | |
| } | |
| /** | |
| * Configure socket. | |
| * | |
| * @param socket the socket | |
| * @return the SSL socket | |
| * @throws IOException Signals that an I/O exception has occurred. | |
| */ | |
| protected SSLSocket configureSocket(SSLSocket socket) throws IOException { | |
| return socket; | |
| } | |
| } | |
| } |
German - post the debug trace generated using this: http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/ReadDebug.html
@coxd here is the output with the debug flag:
IBMJSSE2 will not allow protocol SSLv3 per com.ibm.jsse2.disableSSLv3 set to TRUE or default
IBMJSSEProvider2 Build-Level: -20170105
trustStore is: /opt/ibm/java/jre/lib/security/cacerts
trustStore type is: jks
trustStore provider is:
init truststore
adding as trusted cert:
Subject: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
Issuer: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
Algorithm: RSA; Serial number: 0xd9083fbba967ca1a
Valid from Wed Dec 07 11:28:07 UTC 2011 until Sat Jul 31 11:28:07 UTC 2038
adding as trusted cert:
Subject: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
Issuer: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
Algorithm: RSA; Serial number: 0x0
Valid from Tue Sep 30 04:20:49 UTC 2003 until Sat Sep 30 04:20:49 UTC 2023
adding as trusted cert:
Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a
Valid from Fri Nov 10 00:00:00 UTC 2006 until Mon Nov 10 00:00:00 UTC 2031
adding as trusted cert:
Subject: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x445734245b81899b35f2ceb82b3b5ba726f07528
Valid from Thu Jan 12 18:59:32 UTC 2012 until Sun Jan 12 18:59:32 UTC 2042
adding as trusted cert:
Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x4
Valid from Mon Jun 21 04:00:00 UTC 1999 until Sun Jun 21 04:00:00 UTC 2020
adding as trusted cert:
Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Sat Jun 26 00:19:54 UTC 1999 until Wed Jun 26 00:19:54 UTC 2019
adding as trusted cert:
Subject: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x18acb56afd69b6153a636cafdafac4a1
Valid from Mon Nov 27 00:00:00 UTC 2006 until Wed Jul 16 23:59:59 UTC 2036
adding as trusted cert:
Subject: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP
Issuer: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP
Algorithm: RSA; Serial number: 0x0
Valid from Fri May 29 05:00:39 UTC 2009 until Tue May 29 05:00:39 UTC 2029
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6
Valid from Mon May 18 00:00:00 UTC 1998 until Tue Aug 01 23:59:59 UTC 2028
adding as trusted cert:
Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Mon Jun 21 04:00:00 UTC 1999 until Sun Jun 21 04:00:00 UTC 2020
adding as trusted cert:
Subject: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW
Issuer: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW
Algorithm: RSA; Serial number: 0x15c8bd65475cafb897005ee406d2bc9d
Valid from Mon Dec 20 02:31:27 UTC 2004 until Wed Dec 20 02:31:27 UTC 2034
adding as trusted cert:
Subject: CN=AffirmTrust Commercial, O=AffirmTrust, C=US
Issuer: CN=AffirmTrust Commercial, O=AffirmTrust, C=US
Algorithm: RSA; Serial number: 0x7777062726a9b17c
Valid from Fri Jan 29 14:06:06 UTC 2010 until Tue Dec 31 14:06:06 UTC 2030
adding as trusted cert:
Subject: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Issuer: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Algorithm: RSA; Serial number: 0x444c0
Valid from Wed Oct 22 12:07:37 UTC 2008 until Mon Dec 31 12:07:37 UTC 2029
adding as trusted cert:
Subject: EMAILADDRESS=personal-basic@thawte.com, CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=personal-basic@thawte.com, CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Mon Jan 01 00:00:00 UTC 1996 until Thu Dec 31 23:59:59 UTC 2020
adding as trusted cert:
Subject: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x2e6a000100021fd752212c115c3b
Valid from Thu Jan 12 14:38:43 UTC 2006 until Wed Dec 31 22:59:59 UTC 2025
adding as trusted cert:
Subject: CN=Sonera Class2 CA, O=Sonera, C=FI
Issuer: CN=Sonera Class2 CA, O=Sonera, C=FI
Algorithm: RSA; Serial number: 0x1d
Valid from Fri Apr 06 07:29:40 UTC 2001 until Tue Apr 06 07:29:40 UTC 2021
adding as trusted cert:
Subject: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US
Issuer: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 28 06:00:00 UTC 2002 until Thu Nov 19 20:43:00 UTC 2037
adding as trusted cert:
Subject: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
Algorithm: EC; Serial number: 0x3cb2f4480a00e2feeb243b5e603ec36b
Valid from Mon Nov 05 00:00:00 UTC 2007 until Mon Jan 18 23:59:59 UTC 2038
adding as trusted cert:
Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Algorithm: RSA; Serial number: 0x35def4cf
Valid from Sat Aug 22 16:41:51 UTC 1998 until Wed Aug 22 16:41:51 UTC 2018
adding as trusted cert:
Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x2ac5c266a0b409b8f0b79f2ae462577
Valid from Fri Nov 10 00:00:00 UTC 2006 until Mon Nov 10 00:00:00 UTC 2031
adding as trusted cert:
Subject: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Thu Mar 04 05:00:00 UTC 2004 until Sun Mar 04 05:00:00 UTC 2029
adding as trusted cert:
Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Algorithm: RSA; Serial number: 0x4000000000121585308a2
Valid from Wed Mar 18 10:00:00 UTC 2009 until Sun Mar 18 10:00:00 UTC 2029
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000b9
Valid from Fri May 12 18:46:00 UTC 2000 until Mon May 12 23:59:00 UTC 2025
adding as trusted cert:
Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 17:39:16 UTC 2004 until Thu Jun 29 17:39:16 UTC 2034
adding as trusted cert:
Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Algorithm: RSA; Serial number: 0x1
Valid from Thu Jan 01 00:00:00 UTC 2004 until Sun Dec 31 23:59:59 UTC 2028
adding as trusted cert:
Subject: CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Issuer: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Algorithm: RSA; Serial number: 0x7
Valid from Tue May 03 07:00:00 UTC 2011 until Sat May 03 07:00:00 UTC 2031
adding as trusted cert:
Subject: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362afe650afd
Valid from Fri Jul 09 18:10:42 UTC 1999 until Tue Jul 09 18:19:22 UTC 2019
adding as trusted cert:
Subject: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU
Issuer: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU
Algorithm: RSA; Serial number: 0x0
Valid from Tue Sep 30 16:13:43 UTC 2003 until Wed Sep 30 16:13:44 UTC 2037
adding as trusted cert:
Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0xcdba7f56f0dfe4bc54fe22acb372aa55
Valid from Mon Jan 29 00:00:00 UTC 1996 until Tue Aug 01 23:59:59 UTC 2028
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
Valid from Fri Oct 01 00:00:00 UTC 1999 until Wed Jul 16 23:59:59 UTC 2036
adding as trusted cert:
Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Algorithm: RSA; Serial number: 0x40000000001154b5ac394
Valid from Tue Sep 01 12:00:00 UTC 1998 until Fri Jan 28 12:00:00 UTC 2028
adding as trusted cert:
Subject: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362de0b35f1b
Valid from Fri Jul 09 18:31:20 UTC 1999 until Tue Jul 09 18:40:36 UTC 2019
adding as trusted cert:
Subject: CN=AffirmTrust Networking, O=AffirmTrust, C=US
Issuer: CN=AffirmTrust Networking, O=AffirmTrust, C=US
Algorithm: RSA; Serial number: 0x7c4f04391cd4992d
Valid from Fri Jan 29 14:08:24 UTC 2010 until Tue Dec 31 14:08:24 UTC 2030
adding as trusted cert:
Subject: CN=AffirmTrust Premium, O=AffirmTrust, C=US
Issuer: CN=AffirmTrust Premium, O=AffirmTrust, C=US
Algorithm: RSA; Serial number: 0x6d8c1446b1a60aee
Valid from Fri Jan 29 14:10:36 UTC 2010 until Mon Dec 31 14:10:36 UTC 2040
adding as trusted cert:
Subject: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x2d1bfc4a178da391ebe7fff58b45be0b
Valid from Mon Jan 29 00:00:00 UTC 1996 until Tue Aug 01 23:59:59 UTC 2028
adding as trusted cert:
Subject: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x5c00001000241d0060a4dce7510
Valid from Thu Mar 23 14:10:23 UTC 2006 until Wed Dec 31 22:59:59 UTC 2025
adding as trusted cert:
Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000bf
Valid from Wed May 17 14:01:00 UTC 2000 until Sat May 17 23:59:00 UTC 2025
adding as trusted cert:
Subject: CN=America Online Root Certification Authority 2, O=America Online Inc., C=US
Issuer: CN=America Online Root Certification Authority 2, O=America Online Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 28 06:00:00 UTC 2002 until Tue Sep 29 14:08:00 UTC 2037
adding as trusted cert:
Subject: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
Issuer: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
Algorithm: RSA; Serial number: 0xae8219053f5e8271
Valid from Wed Dec 07 11:29:21 UTC 2011 until Sat Jul 31 11:29:21 UTC 2038
adding as trusted cert:
Subject: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x15ac6e9419b2794b41f627a9c3180f1f
Valid from Wed Apr 02 00:00:00 UTC 2008 until Tue Dec 01 23:59:59 UTC 2037
adding as trusted cert:
Subject: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
Issuer: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
Algorithm: RSA; Serial number: 0xa3da427ea4b1aeda
Valid from Fri Aug 01 12:29:50 UTC 2008 until Sat Jul 31 12:29:50 UTC 2038
adding as trusted cert:
Subject: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0x4f1bd42f54bb2f4b
Valid from Wed Oct 25 08:32:46 UTC 2006 until Sat Oct 25 08:32:46 UTC 2036
adding as trusted cert:
Subject: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
Issuer: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US
Algorithm: RSA; Serial number: 0x4a538c28
Valid from Tue Jul 07 17:25:54 UTC 2009 until Sat Dec 07 17:55:54 UTC 2030
adding as trusted cert:
Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0xce7e0e517d846fe8fe560fc1bf03039
Valid from Fri Nov 10 00:00:00 UTC 2006 until Mon Nov 10 00:00:00 UTC 2031
adding as trusted cert:
Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 17:06:20 UTC 2004 until Thu Jun 29 17:06:20 UTC 2034
adding as trusted cert:
Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 10:48:38 UTC 2000 until Sat May 30 10:48:38 UTC 2020
adding as trusted cert:
Subject: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
Issuer: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
Algorithm: RSA; Serial number: 0x1
Valid from Wed Oct 01 10:29:56 UTC 2008 until Sat Oct 01 23:59:59 UTC 2033
adding as trusted cert:
Subject: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336252567c989
Valid from Fri Jul 09 17:28:50 UTC 1999 until Tue Jul 09 17:36:58 UTC 2019
adding as trusted cert:
Subject: CN=Class 2 Primary CA, O=Certplus, C=FR
Issuer: CN=Class 2 Primary CA, O=Certplus, C=FR
Algorithm: RSA; Serial number: 0x85bd4bf3d8dae369f694d75fc3a54423
Valid from Wed Jul 07 17:05:00 UTC 1999 until Sat Jul 06 23:59:59 UTC 2019
adding as trusted cert:
Subject: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x1
Valid from Thu Aug 01 00:00:00 UTC 1996 until Thu Dec 31 23:59:59 UTC 2020
adding as trusted cert:
Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x23456
Valid from Tue May 21 04:00:00 UTC 2002 until Sat May 21 04:00:00 UTC 2022
adding as trusted cert:
Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0x4eb200670c035d4f
Valid from Wed Oct 25 08:36:00 UTC 2006 until Sat Oct 25 08:36:00 UTC 2036
adding as trusted cert:
Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a
Valid from Fri Oct 01 00:00:00 UTC 1999 until Wed Jul 16 23:59:59 UTC 2036
adding as trusted cert:
Subject: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Issuer: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Sep 01 00:00:00 UTC 2009 until Thu Dec 31 23:59:59 UTC 2037
adding as trusted cert:
Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x3863def8
Valid from Fri Dec 24 17:50:51 UTC 1999 until Tue Jul 24 14:15:12 UTC 2029
adding as trusted cert:
Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
Algorithm: RSA; Serial number: 0x344ed55720d5edec49f42fce37db2b6d
Valid from Fri Nov 17 00:00:00 UTC 2006 until Wed Jul 16 23:59:59 UTC 2036
adding as trusted cert:
Subject: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x1
Valid from Thu Aug 01 00:00:00 UTC 1996 until Thu Dec 31 23:59:59 UTC 2020
adding as trusted cert:
Subject: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
Issuer: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Sep 01 00:00:00 UTC 2009 until Thu Dec 31 23:59:59 UTC 2037
adding as trusted cert:
Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4
Valid from Fri Oct 01 00:00:00 UTC 1999 until Wed Jul 16 23:59:59 UTC 2036
adding as trusted cert:
Subject: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x123df0e7da2a2247a43889e08aeec967
Valid from Mon Jan 01 00:00:00 UTC 1996 until Fri Jan 01 23:59:59 UTC 2021
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: EC; Serial number: 0x2f80fe238c0e220f486712289187acb3
Valid from Mon Nov 05 00:00:00 UTC 2007 until Mon Jan 18 23:59:59 UTC 2038
adding as trusted cert:
Subject: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US
Issuer: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US
Algorithm: RSA; Serial number: 0x456b5054
Valid from Mon Nov 27 20:23:42 UTC 2006 until Fri Nov 27 20:53:42 UTC 2026
adding as trusted cert:
Subject: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x1da200010002ecb76080788db606
Valid from Wed Mar 22 15:54:28 UTC 2006 until Wed Dec 31 22:59:59 UTC 2025
adding as trusted cert:
Subject: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Issuer: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Algorithm: RSA; Serial number: 0x10020
Valid from Tue Jun 11 10:46:39 UTC 2002 until Fri Jun 11 10:46:39 UTC 2027
adding as trusted cert:
Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 10:44:50 UTC 2000 until Sat May 30 10:44:50 UTC 2020
adding as trusted cert:
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x70bae41d10d92934b638ca7b03ccbabf
Valid from Mon Jan 29 00:00:00 UTC 1996 until Tue Aug 01 23:59:59 UTC 2028
adding as trusted cert:
Subject: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO
Issuer: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO
Algorithm: RSA; Serial number: 0x2
Valid from Tue Oct 26 08:38:03 UTC 2010 until Fri Oct 26 08:38:03 UTC 2040
adding as trusted cert:
Subject: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0xbb401c43f55e4fb0
Valid from Wed Oct 25 08:30:35 UTC 2006 until Sat Oct 25 08:30:35 UTC 2036
adding as trusted cert:
Subject: CN=Certum Trusted Network CA 2, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Issuer: CN=Certum Trusted Network CA 2, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Algorithm: RSA; Serial number: 0xb85914713f57df8f31c0333dd2d6197a2317b4eb
Valid from Thu Oct 06 08:39:56 UTC 2011 until Sat Oct 06 08:39:56 UTC 2046
adding as trusted cert:
Subject: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500021b411d32a6806a9ad69
Valid from Thu Jun 24 18:57:21 UTC 1999 until Mon Jun 24 19:06:30 UTC 2019
adding as trusted cert:
Subject: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x509
Valid from Fri Nov 24 18:27:00 UTC 2006 until Mon Nov 24 18:23:33 UTC 2031
adding as trusted cert:
Subject: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE
Issuer: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE
Algorithm: RSA; Serial number: 0x26
Valid from Fri Jul 09 12:11:00 UTC 1999 until Tue Jul 09 23:59:00 UTC 2019
adding as trusted cert:
Subject: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x78585f2ead2c194be3370735341328b596d46593
Valid from Thu Jan 12 17:27:44 UTC 2012 until Sun Jan 12 17:27:44 UTC 2042
adding as trusted cert:
Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x3f691e819cf09a4af373ffb948a2e4dd
Valid from Mon Jan 29 00:00:00 UTC 1996 until Wed Aug 02 23:59:59 UTC 2028
adding as trusted cert:
Subject: CN=VeriSign Class 3 Secure Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x6ecc7aa5a7032009b8cebcf4e952d491
Valid from Mon Feb 08 00:00:00 UTC 2010 until Fri Feb 07 23:59:59 UTC 2020
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf
Valid from Mon May 18 00:00:00 UTC 1998 until Tue Aug 01 23:59:59 UTC 2028
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x18dad19e267de8bb4a2158cdcc6b3b4a
Valid from Wed Nov 08 00:00:00 UTC 2006 until Wed Jul 16 23:59:59 UTC 2036
adding as trusted cert:
Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Algorithm: RSA; Serial number: 0x400000000010f8626e60d
Valid from Fri Dec 15 08:00:00 UTC 2006 until Wed Dec 15 08:00:00 UTC 2021
adding as trusted cert:
Subject: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x5c6
Valid from Fri Nov 24 19:11:23 UTC 2006 until Mon Nov 24 19:06:44 UTC 2031
adding as trusted cert:
Subject: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x2ef59b0228a7db7affd5a3a9eebd03a0cf126a1d
Valid from Thu Jan 12 20:26:32 UTC 2012 until Sun Jan 12 20:26:32 UTC 2042
adding as trusted cert:
Subject: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
Issuer: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
Algorithm: RSA; Serial number: 0x3770cfb5
Valid from Wed Jun 23 12:14:45 UTC 1999 until Sun Jun 23 12:14:45 UTC 2019
adding as trusted cert:
Subject: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x34a4fff630af4ca53c331742a1946675
Valid from Thu Aug 01 00:00:00 UTC 1996 until Fri Jan 01 23:59:59 UTC 2021
adding as trusted cert:
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be
Valid from Mon Jan 29 00:00:00 UTC 1996 until Wed Aug 02 23:59:59 UTC 2028
adding as trusted cert:
Subject: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x3ab6508b
Valid from Mon Mar 19 18:33:33 UTC 2001 until Wed Mar 17 18:33:33 UTC 2021
adding as trusted cert:
Subject: CN=Class 3P Primary CA, O=Certplus, C=FR
Issuer: CN=Class 3P Primary CA, O=Certplus, C=FR
Algorithm: RSA; Serial number: 0xbf5cdbb6f21c6ec04deb7a023b36e879
Valid from Wed Jul 07 17:10:00 UTC 1999 until Sat Jul 06 23:59:59 UTC 2019
adding as trusted cert:
Subject: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Mon Jan 01 00:00:00 UTC 1996 until Thu Dec 31 23:59:59 UTC 2020
adding as trusted cert:
Subject: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO
Issuer: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO
Algorithm: RSA; Serial number: 0x2
Valid from Tue Oct 26 08:28:58 UTC 2010 until Fri Oct 26 08:28:58 UTC 2040
adding as trusted cert:
Subject: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP
Issuer: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP
Algorithm: RSA; Serial number: 0x0
Valid from Wed Jun 06 02:12:32 UTC 2007 until Sat Jun 06 02:12:32 UTC 2037
adding as trusted cert:
Subject: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US
Issuer: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US
Algorithm: EC; Serial number: 0x35fc265cd9844fc93d263d579baed756
Valid from Mon Nov 05 00:00:00 UTC 2007 until Mon Jan 18 23:59:59 UTC 2038
adding as trusted cert:
Subject: EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=personal-premium@thawte.com, CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Mon Jan 01 00:00:00 UTC 1996 until Thu Dec 31 23:59:59 UTC 2020
adding as trusted cert:
Subject: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x401ac46421b31321030ebbe4121ac51d
Valid from Wed Apr 02 00:00:00 UTC 2008 until Tue Dec 01 23:59:59 UTC 2037
adding as trusted cert:
Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 10:38:31 UTC 2000 until Sat May 30 10:38:31 UTC 2020
adding as trusted cert:
Subject: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
Issuer: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Wed Jan 01 00:00:00 UTC 1997 until Thu Dec 31 23:59:59 UTC 2020
adding as trusted cert:
Subject: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
Issuer: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
Algorithm: RSA; Serial number: 0xc9cdd3e9d57d23ce
Valid from Fri Aug 01 12:31:40 UTC 2008 until Sat Jul 31 12:31:40 UTC 2038
adding as trusted cert:
Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Issuer: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Fri Jun 25 22:23:48 UTC 1999 until Tue Jun 25 22:23:48 UTC 2019
adding as trusted cert:
Subject: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
Issuer: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US
Algorithm: RSA; Serial number: 0x600197b746a7eab4b49ad64b2ff790fb
Valid from Wed Apr 02 00:00:00 UTC 2008 until Tue Dec 01 23:59:59 UTC 2037
adding as trusted cert:
Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1a5
Valid from Thu Aug 13 00:29:00 UTC 1998 until Mon Aug 13 23:59:00 UTC 2018
adding as trusted cert:
Subject: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x36122296c5e338a520a1d25f4cd70954
Valid from Thu Aug 01 00:00:00 UTC 1996 until Fri Jan 01 23:59:59 UTC 2021
adding as trusted cert:
Subject: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US
Issuer: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US
Algorithm: EC; Serial number: 0x7497258ac73f7a54
Valid from Fri Jan 29 14:20:24 UTC 2010 until Mon Dec 31 14:20:24 UTC 2040
adding as trusted cert:
Subject: CN=Sonera Class1 CA, O=Sonera, C=FI
Issuer: CN=Sonera Class1 CA, O=Sonera, C=FI
Algorithm: RSA; Serial number: 0x24
Valid from Fri Apr 06 10:49:13 UTC 2001 until Tue Apr 06 10:49:13 UTC 2021
adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192
Valid from Mon May 18 00:00:00 UTC 1998 until Tue Aug 01 23:59:59 UTC 2028
adding as trusted cert:
Subject: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
Issuer: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
Algorithm: RSA; Serial number: 0x1121bc276c5547af584eefd4ced629b2a285
Valid from Tue May 26 00:00:00 UTC 2009 until Tue May 26 00:00:00 UTC 2020
adding as trusted cert:
Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Algorithm: RSA; Serial number: 0x374ad243
Valid from Tue May 25 16:09:40 UTC 1999 until Sat May 25 16:39:40 UTC 2019
Installed Providers =
IBMJSSE2
IBMJCE
IBMJGSSProvider
IBMCertPath
IBMSASL
IBMXMLCRYPTO
IBMXMLEnc
IBMSPNEGO
SUN
keyStore is: /opt/ibm/java/jre/lib/security/cacerts
keyStore type is: jks
keyStore provider is:
init keystore
SSLContextImpl: Using X509ExtendedKeyManager com.ibm.jsse2.aw
SSLContextImpl: Using X509TrustManager com.ibm.jsse2.aA
JsseJCE: Using SecureRandom IBMSecureRandom from provider IBMJCE version 1.8
trigger seeding of SecureRandom
done seeding SecureRandom
IBMJSSE2 will enable CBC protection
JsseJCE: Using SecureRandom IBMSecureRandom from provider IBMJCE version 1.8
JsseJCE: Using KeyAgreement ECDH from provider IBMJCE version 1.8
JsseJCE: Using signature SHA1withECDSA from provider TBD via init
JsseJCE: Using signature NONEwithECDSA from provider TBD via init
JsseJCE: Using KeyFactory EC from provider IBMJCE version 1.8
JsseJCE: Using KeyPairGenerator EC from provider TBD via init
JsseJce: EC is available
jdk.tls.client.protocols is defined as null
SSLv3 protocol was requested but was not enabled
SSLv3 protocol was requested but was not enabled
SUPPORTED: [TLSv1, TLSv1.1, TLSv1.2]
SERVER_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
CLIENT_DEFAULT: [TLSv1, TLSv1.1, TLSv1.2]
IBMJSSE2 will allow RFC 5746 renegotiation per com.ibm.jsse2.renegotiate set to none or default
IBMJSSE2 will not require renegotiation indicator during initial handshake per com.ibm.jsse2.renegotiation.indicator set to OPTIONAL or default taken
IBMJSSE2 will not perform identity checking against the peer cert check during renegotiation per com.ibm.jsse2.renegotiation.peer.cert.check set to OFF or default
IBMJSSE2 will allow client initiated renegotiation per jdk.tls.rejectClientInitiatedRenegotiation set to FALSE or default
IBMJSSE2 will not allow unsafe server certificate change during renegotiation per jdk.tls.allowUnsafeServerCertChange set to FALSE or default
Is initial handshake: true
main, called close()
main, called closeInternal(true)
main, called closeSocket(true)
Exception in thread "main" java.lang.RuntimeException: java.net.UnknownServiceException: Unable to find acceptable protocols. isFallback=false, modes=[ConnectionSpec(cipherSuites=[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA], tlsVersions=[TLS_1_3, TLS_1_2, TLS_1_1, TLS_1_0], supportsTlsExtensions=true), ConnectionSpec(cipherSuites=[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA], tlsVersions=[TLS_1_0], supportsTlsExtensions=true), ConnectionSpec()], supported protocols=[TLSv1, TLSv1.1, TLSv1.2]
at com.ibm.watson.developer_cloud.service.WatsonService$2.execute(WatsonService.java:234)
at com.ibm.watson.developer_cloud.text_to_speech.v1.Example.main(Example.java:14)
Caused by: java.net.UnknownServiceException: Unable to find acceptable protocols. isFallback=false, modes=[ConnectionSpec(cipherSuites=[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA], tlsVersions=[TLS_1_3, TLS_1_2, TLS_1_1, TLS_1_0], supportsTlsExtensions=true), ConnectionSpec(cipherSuites=[TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA], tlsVersions=[TLS_1_0], supportsTlsExtensions=true), ConnectionSpec()], supported protocols=[TLSv1, TLSv1.1, TLSv1.2]
at okhttp3.internal.connection.ConnectionSpecSelector.configureSecureSocket(ConnectionSpecSelector.java:73)
at okhttp3.internal.connection.RealConnection.connectTls(RealConnection.java:260)
at okhttp3.internal.connection.RealConnection.establishProtocol(RealConnection.java:237)
at okhttp3.internal.connection.RealConnection.connect(RealConnection.java:148)
at okhttp3.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:186)
at okhttp3.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:121)
at okhttp3.internal.connection.StreamAllocation.newStream(StreamAllocation.java:100)
at okhttp3.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at okhttp3.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at okhttp3.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:120)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:92)
at okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:67)
at okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:179)
at okhttp3.RealCall.execute(RealCall.java:63)
at com.ibm.watson.developer_cloud.service.WatsonService$2.execute(WatsonService.java:231)
... 1 more
So nothing like this in the output :(
*** ClientHello, TLSv1
RandomCookie: GMT: 1073239164 bytes = { 10, 80, 71, 86, 124, 135, 104,
151, 72, 153, 70, 28, 97, 232, 160, 217, 146, 178, 87, 255, 122, 147, 83,
197, 60, 187, 227, 76 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 73
0000: 01 00 00 45 03 01 40 F8 54 7C 0A 50 47 56 7C 87 ...E..@.T..PGV..
0010: 68 97 48 99 46 1C 61 E8 A0 D9 92 B2 57 FF 7A 93 h.H.F.a.....W.z.
0020: 53 C5 3C BB E3 4C 00 00 1E 00 04 00 05 00 2F 00 S.<..L......../.
0030: 33 00 32 00 0A 00 16 00 13 00 09 00 15 00 12 00 3.2.............
0040: 03 00 08 00 14 00 11 01 00 .........
main, WRITE: TLSv1 Handshake, length = 73
[write] MD5 and SHA1 hashes: len = 98
0000: 01 03 01 00 39 00 00 00 20 00 00 04 01 00 80 00 ....9... .......
0010: 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A 07 00 ..../..3..2.....
0020: C0 00 00 16 00 00 13 00 00 09 06 00 40 00 00 15 ............@...
0030: 00 00 12 00 00 03 02 00 80 00 00 08 00 00 14 00 ................
0040: 00 11 40 F8 54 7C 0A 50 47 56 7C 87 68 97 48 99 ..@.T..PGV..h.H.
0050: 46 1C 61 E8 A0 D9 92 B2 57 FF 7A 93 53 C5 3C BB F.a.....W.z.S.<.
0060: E3 4C .L
main, WRITE: SSLv2 client hello message, length = 98```
Ugh. Well, that took too long.
The example https://gist.github.com/swankjesse/d094cb17d0562520cdbf64254542694a does not work with okhttp 3.6.0. There is nothing wrong with this code, it just won't work on the released okhttp (and is not needed with the upcoming release of okhttp).
@german - here is the code that will work for all JDKs:
ConnectionSpec spec =
new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS)
.allEnabledCipherSuites()
.build();
builder.connectionSpecs(Collections.singletonList(spec));
What this does is prevent OkHttp from removing all the cipher suites that don't match it's internal whitelist. This is generally safe because:
- The JDK defaults are updated to remove suites once they are known to be unsafe (at least IBM and Oracle). Of course if you are on an older JDK you may be using an unsafe suite accidentally.
- We expect people using the Watson SDK to attach to only our servers where we should have only a safe set of suites available (well most of the time - witness our current attempts to remove 3DES!)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Here is the output from the terminal