Authentication with Certisign e-CPF

Comrades,

Well, I have been trying to implement SSL here with x509 SmartCard client authentication, using the Certisign e-CPF that I have had since 2010. Steps I followed:

  1. I opened the JVM's cacerts and put in it the three digital certificates that Certisign offers for download on its site: http://www.certisign.com.br/suporte/utilitarios-criptograficos/hierarquias-de-certificacao/icp-brasil/e-cpf-v2
  2. I created a keystore from scratch and put those same three certificates in it (tomcat-truststore.jks)
  3. I created another keystore and stored in it a single digital certificate created from scratch, which has no CA, in tomcat.jks

My Tomcat connector is configured as follows:

<Connector clientAuth="true" port="8443" minSpareThreads="5" maxSpareThreads="75" enableLookups="true" disableUploadTimeout="true" acceptCount="100" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" SSLVerifyClient="require" SSLEngine="on" SSLVerifyDepth="2" sslProtocol="TLS" keystoreFile="/home/darkstar/appservers/tomcat/certificates/tomcat.jks" keystoreType="JKS" keystorePass="test" truststoreFile="/home/darkstar/appservers/tomcat/certificates/tomcat-truststore.jks" truststoreType="JKS" truststorePass="test" />

When I access the address from Firefox, it returns:

[quote]SSL peer cannot verify your certificate.

(Error code: ssl_error_bad_cert_alert)[/quote]

Looking at Tomcat's stdout, with ssl and handshake debugging enabled, I get:

[quote]usage: java org.apache.catalina.startup.Catalina [ -config {pathname} ] [ -nonaming ] { -help | start | stop }
Feb 7, 2012 11:10:30 AM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /home/darkstar/Downloads/jdk1.6.0_25/bin:/home/darkstar/appservers/tomcat/bin
trustStore is: /home/darkstar/Downloads/jdk1.6.0_25/jre/lib/security/cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0x4eb200670c035d4f
Valid from Wed Oct 25 04:36:00 BRT 2006 until Sat Oct 25 05:36:00 BRT 2036

adding as trusted cert:
Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O=“ValiCert, Inc.”, L=ValiCert Validation Network
Issuer: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O=“ValiCert, Inc.”, L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Fri Jun 25 18:23:48 BRT 1999 until Tue Jun 25 19:23:48 BRT 2019

adding as trusted cert:
Subject: CN=thawte Primary Root CA, OU=“© 2006 thawte, Inc. - For authorized use only”, OU=Certification Services Division, O=“thawte, Inc.”, C=US
Issuer: CN=thawte Primary Root CA, OU=“© 2006 thawte, Inc. - For authorized use only”, OU=Certification Services Division, O=“thawte, Inc.”, C=US
Algorithm: RSA; Serial number: 0x344ed55720d5edec49f42fce37db2b6d
Valid from Thu Nov 16 20:00:00 BRT 2006 until Wed Jul 16 20:59:59 BRT 2036

adding as trusted cert:
Subject: CN=Entrust Root Certification Authority, OU=“© 2006 Entrust, Inc.”, OU=www.entrust.net/CPS is incorporated by reference, O=“Entrust, Inc.”, C=US
Issuer: CN=Entrust Root Certification Authority, OU=“© 2006 Entrust, Inc.”, OU=www.entrust.net/CPS is incorporated by reference, O=“Entrust, Inc.”, C=US
Algorithm: RSA; Serial number: 0x456b5054
Valid from Mon Nov 27 16:23:42 BRT 2006 until Fri Nov 27 17:53:42 BRT 2026

adding as trusted cert:
Subject: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
Issuer: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR
Algorithm: RSA; Serial number: 0x1121bc276c5547af584eefd4ced629b2a285
Valid from Mon May 25 21:00:00 BRT 2009 until Mon May 25 21:00:00 BRT 2020

adding as trusted cert:
Subject: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
Issuer: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
Algorithm: RSA; Serial number: 0xc9cdd3e9d57d23ce
Valid from Fri Aug 01 09:31:40 BRT 2008 until Sat Jul 31 09:31:40 BRT 2038

adding as trusted cert:
Subject: CN=America Online Root Certification Authority 2, O=America Online Inc., C=US
Issuer: CN=America Online Root Certification Authority 2, O=America Online Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 28 02:00:00 BRT 2002 until Tue Sep 29 11:08:00 BRT 2037

adding as trusted cert:
Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 06:44:50 BRT 2000 until Sat May 30 07:44:50 BRT 2020

adding as trusted cert:
Subject: CN=AC Secretaria da Receita Federal do Brasil, O=ICP-Brasil, C=BR
Issuer: CN=Autoridade Certificadora Raiz Brasileira v1, OU=Instituto Nacional de Tecnologia da Informacao - ITI, O=ICP-Brasil, C=BR
Algorithm: RSA; Serial number: 0x5
Valid from Fri Oct 24 09:39:46 BRT 2008 until Wed Oct 24 09:39:46 BRT 2018

adding as trusted cert:
Subject: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x3ab6508b
Valid from Mon Mar 19 14:33:33 BRT 2001 until Wed Mar 17 15:33:33 BRT 2021

adding as trusted cert:
Subject: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0x4f1bd42f54bb2f4b
Valid from Wed Oct 25 04:32:46 BRT 2006 until Sat Oct 25 05:32:46 BRT 2036

adding as trusted cert:
Subject: OU=Security Communication EV RootCA1, O=“SECOM Trust Systems CO.,LTD.”, C=JP
Issuer: OU=Security Communication EV RootCA1, O=“SECOM Trust Systems CO.,LTD.”, C=JP
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 05 22:12:32 BRT 2007 until Fri Jun 05 23:12:32 BRT 2037

adding as trusted cert:
Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Mon Jun 21 00:00:00 BRT 1999 until Sun Jun 21 01:00:00 BRT 2020

adding as trusted cert:
Subject: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH
Issuer: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH
Algorithm: RSA; Serial number: 0xbb401c43f55e4fb0
Valid from Wed Oct 25 04:30:35 BRT 2006 until Sat Oct 25 05:30:35 BRT 2036

adding as trusted cert:
Subject: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x123df0e7da2a2247a43889e08aeec967
Valid from Sun Dec 31 20:00:00 BRT 1995 until Fri Jan 01 20:59:59 BRT 2021

adding as trusted cert:
Subject: CN=thawte Primary Root CA - G3, OU=“© 2008 thawte, Inc. - For authorized use only”, OU=Certification Services Division, O=“thawte, Inc.”, C=US
Issuer: CN=thawte Primary Root CA - G3, OU=“© 2008 thawte, Inc. - For authorized use only”, OU=Certification Services Division, O=“thawte, Inc.”, C=US
Algorithm: RSA; Serial number: 0x600197b746a7eab4b49ad64b2ff790fb
Valid from Tue Apr 01 20:00:00 BRT 2008 until Tue Dec 01 20:59:59 BRT 2037

adding as trusted cert:
Subject: CN=GTE CyberTrust Global Root, OU=“GTE CyberTrust Solutions, Inc.”, O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Global Root, OU=“GTE CyberTrust Solutions, Inc.”, O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1a5
Valid from Wed Aug 12 20:29:00 BRT 1998 until Mon Aug 13 20:59:00 BRT 2018

adding as trusted cert:
Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000b9
Valid from Fri May 12 14:46:00 BRT 2000 until Mon May 12 20:59:00 BRT 2025

adding as trusted cert:
Subject: OU=Class 1 Public Primary Certification Authority, O=“VeriSign, Inc.”, C=US
Issuer: OU=Class 1 Public Primary Certification Authority, O=“VeriSign, Inc.”, C=US
Algorithm: RSA; Serial number: 0x3f691e819cf09a4af373ffb948a2e4dd
Valid from Sun Jan 28 20:00:00 BRT 1996 until Wed Aug 02 20:59:59 BRT 2028

adding as trusted cert:
Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x2ac5c266a0b409b8f0b79f2ae462577
Valid from Thu Nov 09 20:00:00 BRT 2006 until Sun Nov 09 21:00:00 BRT 2031

adding as trusted cert:
Subject: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x509
Valid from Fri Nov 24 14:27:00 BRT 2006 until Mon Nov 24 15:23:33 BRT 2031

adding as trusted cert:
Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
Algorithm: RSA; Serial number: 0x20000bf
Valid from Wed May 17 10:01:00 BRT 2000 until Sat May 17 20:59:00 BRT 2025

adding as trusted cert:
Subject: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
Issuer: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
Algorithm: RSA; Serial number: 0x1
Valid from Wed Oct 01 07:29:56 BRT 2008 until Sat Oct 01 20:59:59 BRT 2033

adding as trusted cert:
Subject: CN=Entrust.net Certification Authority (2048), OU=© 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Issuer: CN=Entrust.net Certification Authority (2048), OU=© 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
Algorithm: RSA; Serial number: 0x3863def8
Valid from Fri Dec 24 13:50:51 BRT 1999 until Tue Jul 24 11:15:12 BRT 2029

adding as trusted cert:
Subject: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x5c00001000241d0060a4dce7510
Valid from Thu Mar 23 10:10:23 BRT 2006 until Wed Dec 31 19:59:59 BRT 2025

adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU=“© 1998 VeriSign, Inc. - For authorized use only”, OU=Class 2 Public Primary Certification Authority - G2, O=“VeriSign, Inc.”, C=US
Issuer: OU=VeriSign Trust Network, OU=“© 1998 VeriSign, Inc. - For authorized use only”, OU=Class 2 Public Primary Certification Authority - G2, O=“VeriSign, Inc.”, C=US
Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf
Valid from Sun May 17 20:00:00 BRT 1998 until Tue Aug 01 20:59:59 BRT 2028

adding as trusted cert:
Subject: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x34a4fff630af4ca53c331742a1946675
Valid from Wed Jul 31 20:00:00 BRT 1996 until Fri Jan 01 20:59:59 BRT 2021

adding as trusted cert:
Subject: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE
Issuer: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE
Algorithm: RSA; Serial number: 0x26
Valid from Fri Jul 09 08:11:00 BRT 1999 until Tue Jul 09 20:59:00 BRT 2019

adding as trusted cert:
Subject: CN=Entrust.net Secure Server Certification Authority, OU=© 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Issuer: CN=Entrust.net Secure Server Certification Authority, OU=© 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
Algorithm: RSA; Serial number: 0x374ad243
Valid from Tue May 25 12:09:40 BRT 1999 until Sat May 25 13:39:40 BRT 2019

adding as trusted cert:
Subject: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Thu Mar 04 01:00:00 BRT 2004 until Sun Mar 04 02:00:00 BRT 2029

adding as trusted cert:
Subject: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x1da200010002ecb76080788db606
Valid from Wed Mar 22 11:54:28 BRT 2006 until Wed Dec 31 19:59:59 BRT 2025

adding as trusted cert:
Subject: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
Issuer: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE
Algorithm: RSA; Serial number: 0x1
Valid from Wed Oct 01 07:40:14 BRT 2008 until Sat Oct 01 20:59:59 BRT 2033

adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU=“© 1999 VeriSign, Inc. - For authorized use only”, OU=VeriSign Trust Network, O=“VeriSign, Inc.”, C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU=“© 1999 VeriSign, Inc. - For authorized use only”, OU=VeriSign Trust Network, O=“VeriSign, Inc.”, C=US
Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
Valid from Thu Sep 30 20:00:00 BRT 1999 until Wed Jul 16 20:59:59 BRT 2036

adding as trusted cert:
Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O=“ValiCert, Inc.”, L=ValiCert Validation Network
Issuer: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O=“ValiCert, Inc.”, L=ValiCert Validation Network
Algorithm: RSA; Serial number: 0x1
Valid from Fri Jun 25 20:19:54 BRT 1999 until Tue Jun 25 21:19:54 BRT 2019

adding as trusted cert:
Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a
Valid from Thu Nov 09 20:00:00 BRT 2006 until Sun Nov 09 21:00:00 BRT 2031

adding as trusted cert:
Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 06:38:31 BRT 2000 until Sat May 30 07:38:31 BRT 2020

adding as trusted cert:
Subject: CN=Autoridade Certificadora Raiz Brasileira v1, OU=Instituto Nacional de Tecnologia da Informacao - ITI, O=ICP-Brasil, C=BR
Issuer: CN=Autoridade Certificadora Raiz Brasileira v1, OU=Instituto Nacional de Tecnologia da Informacao - ITI, O=ICP-Brasil, C=BR
Algorithm: RSA; Serial number: 0x1
Valid from Tue Jul 29 16:17:10 BRT 2008 until Thu Jul 29 16:17:10 BRT 2021

adding as trusted cert:
Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 30 06:48:38 BRT 2000 until Sat May 30 07:48:38 BRT 2020

adding as trusted cert:
Subject: CN=Class 2 Primary CA, O=Certplus, C=FR
Issuer: CN=Class 2 Primary CA, O=Certplus, C=FR
Algorithm: RSA; Serial number: 0x85bd4bf3d8dae369f694d75fc3a54423
Valid from Wed Jul 07 13:05:00 BRT 1999 until Sat Jul 06 20:59:59 BRT 2019

adding as trusted cert:
Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
Algorithm: RSA; Serial number: 0x35def4cf
Valid from Sat Aug 22 12:41:51 BRT 1998 until Wed Aug 22 13:41:51 BRT 2018

adding as trusted cert:
Subject: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
Issuer: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU
Algorithm: RSA; Serial number: 0xa3da427ea4b1aeda
Valid from Fri Aug 01 09:29:50 BRT 2008 until Sat Jul 31 09:29:50 BRT 2038

adding as trusted cert:
Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU=“© 1999 VeriSign, Inc. - For authorized use only”, OU=VeriSign Trust Network, O=“VeriSign, Inc.”, C=US
Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU=“© 1999 VeriSign, Inc. - For authorized use only”, OU=VeriSign Trust Network, O=“VeriSign, Inc.”, C=US
Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a
Valid from Thu Sep 30 20:00:00 BRT 1999 until Wed Jul 16 20:59:59 BRT 2036

adding as trusted cert:
Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
Algorithm: RSA; Serial number: 0x1
Valid from Wed Dec 31 20:00:00 BRT 2003 until Sun Dec 31 20:59:59 BRT 2028

adding as trusted cert:
Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
Algorithm: RSA; Serial number: 0x4
Valid from Mon Jun 21 00:00:00 BRT 1999 until Sun Jun 21 01:00:00 BRT 2020

adding as trusted cert:
Subject: OU=Starfield Class 2 Certification Authority, O=“Starfield Technologies, Inc.”, C=US
Issuer: OU=Starfield Class 2 Certification Authority, O=“Starfield Technologies, Inc.”, C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 13:39:16 BRT 2004 until Thu Jun 29 14:39:16 BRT 2034

adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU=“© 1998 VeriSign, Inc. - For authorized use only”, OU=Class 1 Public Primary Certification Authority - G2, O=“VeriSign, Inc.”, C=US
Issuer: OU=VeriSign Trust Network, OU=“© 1998 VeriSign, Inc. - For authorized use only”, OU=Class 1 Public Primary Certification Authority - G2, O=“VeriSign, Inc.”, C=US
Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192
Valid from Sun May 17 20:00:00 BRT 1998 until Tue Aug 01 20:59:59 BRT 2028

adding as trusted cert:
Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0xce7e0e517d846fe8fe560fc1bf03039
Valid from Thu Nov 09 20:00:00 BRT 2006 until Sun Nov 09 21:00:00 BRT 2031

adding as trusted cert:
Subject: CN=AC Certisign RFB G3, OU=Secretaria da Receita Federal do Brasil - RFB, O=ICP-Brasil, C=BR
Issuer: CN=AC Secretaria da Receita Federal do Brasil, O=ICP-Brasil, C=BR
Algorithm: RSA; Serial number: 0x3
Valid from Wed Oct 29 15:33:53 BRT 2008 until Sat Oct 29 15:33:53 BRT 2016

adding as trusted cert:
Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Algorithm: RSA; Serial number: 0x40000000001154b5ac394
Valid from Tue Sep 01 08:00:00 BRT 1998 until Fri Jan 28 09:00:00 BRT 2028

adding as trusted cert:
Subject: OU=VeriSign Trust Network, OU=“© 1998 VeriSign, Inc. - For authorized use only”, OU=Class 3 Public Primary Certification Authority - G2, O=“VeriSign, Inc.”, C=US
Issuer: OU=VeriSign Trust Network, OU=“© 1998 VeriSign, Inc. - For authorized use only”, OU=Class 3 Public Primary Certification Authority - G2, O=“VeriSign, Inc.”, C=US
Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6
Valid from Sun May 17 20:00:00 BRT 1998 until Tue Aug 01 20:59:59 BRT 2028

adding as trusted cert:
Subject: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM
Issuer: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM
Algorithm: RSA; Serial number: 0x5c6
Valid from Fri Nov 24 15:11:23 BRT 2006 until Mon Nov 24 16:06:44 BRT 2031

adding as trusted cert:
Subject: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Issuer: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Algorithm: RSA; Serial number: 0x10020
Valid from Tue Jun 11 06:46:39 BRT 2002 until Fri Jun 11 07:46:39 BRT 2027

adding as trusted cert:
Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Algorithm: RSA; Serial number: 0x400000000010f8626e60d
Valid from Fri Dec 15 04:00:00 BRT 2006 until Wed Dec 15 05:00:00 BRT 2021

adding as trusted cert:
Subject: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Issuer: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x36122296c5e338a520a1d25f4cd70954
Valid from Wed Jul 31 20:00:00 BRT 1996 until Fri Jan 01 20:59:59 BRT 2021

adding as trusted cert:
Subject: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU
Issuer: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU
Algorithm: RSA; Serial number: 0x0
Valid from Tue Sep 30 12:13:43 BRT 2003 until Wed Sep 30 13:13:44 BRT 2037

adding as trusted cert:
Subject: CN=Entrust Root Certification Authority - G2, OU=“© 2009 Entrust, Inc. - for authorized use only”, OU=See www.entrust.net/legal-terms, O=“Entrust, Inc.”, C=US
Issuer: CN=Entrust Root Certification Authority - G2, OU=“© 2009 Entrust, Inc. - for authorized use only”, OU=See www.entrust.net/legal-terms, O=“Entrust, Inc.”, C=US
Algorithm: RSA; Serial number: 0x4a538c28
Valid from Tue Jul 07 14:25:54 BRT 2009 until Sat Dec 07 14:55:54 BRT 2030

adding as trusted cert:
Subject: CN=Class 3P Primary CA, O=Certplus, C=FR
Issuer: CN=Class 3P Primary CA, O=Certplus, C=FR
Algorithm: RSA; Serial number: 0xbf5cdbb6f21c6ec04deb7a023b36e879
Valid from Wed Jul 07 13:10:00 BRT 1999 until Sat Jul 06 20:59:59 BRT 2019

adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU=“© 2006 VeriSign, Inc. - For authorized use only”, OU=VeriSign Trust Network, O=“VeriSign, Inc.”, C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU=“© 2006 VeriSign, Inc. - For authorized use only”, OU=VeriSign Trust Network, O=“VeriSign, Inc.”, C=US
Algorithm: RSA; Serial number: 0x18dad19e267de8bb4a2158cdcc6b3b4a
Valid from Tue Nov 07 20:00:00 BRT 2006 until Wed Jul 16 20:59:59 BRT 2036

adding as trusted cert:
Subject: CN=VeriSign Universal Root Certification Authority, OU=“© 2008 VeriSign, Inc. - For authorized use only”, OU=VeriSign Trust Network, O=“VeriSign, Inc.”, C=US
Issuer: CN=VeriSign Universal Root Certification Authority, OU=“© 2008 VeriSign, Inc. - For authorized use only”, OU=VeriSign Trust Network, O=“VeriSign, Inc.”, C=US
Algorithm: RSA; Serial number: 0x401ac46421b31321030ebbe4121ac51d
Valid from Tue Apr 01 20:00:00 BRT 2008 until Tue Dec 01 20:59:59 BRT 2037

adding as trusted cert:
Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x23456
Valid from Tue May 21 00:00:00 BRT 2002 until Sat May 21 01:00:00 BRT 2022

adding as trusted cert:
Subject: OU=Class 3 Public Primary Certification Authority, O=“VeriSign, Inc.”, C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O=“VeriSign, Inc.”, C=US
Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be
Valid from Sun Jan 28 20:00:00 BRT 1996 until Wed Aug 02 20:59:59 BRT 2028

adding as trusted cert:
Subject: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Issuer: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Algorithm: RSA; Serial number: 0x444c0
Valid from Wed Oct 22 09:07:37 BRT 2008 until Mon Dec 31 09:07:37 BRT 2029

adding as trusted cert:
Subject: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
Issuer: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP
Algorithm: RSA; Serial number: 0x0
Valid from Tue Sep 30 00:20:49 BRT 2003 until Sat Sep 30 01:20:49 BRT 2023

adding as trusted cert:
Subject: CN=Sonera Class1 CA, O=Sonera, C=FI
Issuer: CN=Sonera Class1 CA, O=Sonera, C=FI
Algorithm: RSA; Serial number: 0x24
Valid from Fri Apr 06 06:49:13 BRT 2001 until Tue Apr 06 07:49:13 BRT 2021

adding as trusted cert:
Subject: OU=Go Daddy Class 2 Certification Authority, O=“The Go Daddy Group, Inc.”, C=US
Issuer: OU=Go Daddy Class 2 Certification Authority, O=“The Go Daddy Group, Inc.”, C=US
Algorithm: RSA; Serial number: 0x0
Valid from Tue Jun 29 13:06:20 BRT 2004 until Thu Jun 29 14:06:20 BRT 2034

adding as trusted cert:
Subject: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336252567c989
Valid from Fri Jul 09 13:28:50 BRT 1999 until Tue Jul 09 14:36:58 BRT 2019

adding as trusted cert:
Subject: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362afe650afd
Valid from Fri Jul 09 14:10:42 BRT 1999 until Tue Jul 09 15:19:22 BRT 2019

adding as trusted cert:
Subject: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x18acb56afd69b6153a636cafdafac4a1
Valid from Sun Nov 26 20:00:00 BRT 2006 until Wed Jul 16 20:59:59 BRT 2036

adding as trusted cert:
Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Algorithm: RSA; Serial number: 0x4000000000121585308a2
Valid from Wed Mar 18 07:00:00 BRT 2009 until Sun Mar 18 07:00:00 BRT 2029

adding as trusted cert:
Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU=“© 1999 VeriSign, Inc. - For authorized use only”, OU=VeriSign Trust Network, O=“VeriSign, Inc.”, C=US
Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU=“© 1999 VeriSign, Inc. - For authorized use only”, OU=VeriSign Trust Network, O=“VeriSign, Inc.”, C=US
Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4
Valid from Thu Sep 30 20:00:00 BRT 1999 until Wed Jul 16 20:59:59 BRT 2036

adding as trusted cert:
Subject: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US
Issuer: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US
Algorithm: RSA; Serial number: 0x1
Valid from Tue May 28 02:00:00 BRT 2002 until Thu Nov 19 17:43:00 BRT 2037

adding as trusted cert:
Subject: OU=Security Communication RootCA2, O=“SECOM Trust Systems CO.,LTD.”, C=JP
Issuer: OU=Security Communication RootCA2, O=“SECOM Trust Systems CO.,LTD.”, C=JP
Algorithm: RSA; Serial number: 0x0
Valid from Fri May 29 02:00:39 BRT 2009 until Tue May 29 02:00:39 BRT 2029

adding as trusted cert:
Subject: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
Issuer: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA
Algorithm: RSA; Serial number: 0x0
Valid from Tue Dec 31 20:00:00 BRT 1996 until Thu Dec 31 20:59:59 BRT 2020

adding as trusted cert:
Subject: CN=GeoTrust Primary Certification Authority - G3, OU=© 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
Issuer: CN=GeoTrust Primary Certification Authority - G3, OU=© 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US
Algorithm: RSA; Serial number: 0x15ac6e9419b2794b41f627a9c3180f1f
Valid from Tue Apr 01 20:00:00 BRT 2008 until Tue Dec 01 20:59:59 BRT 2037

adding as trusted cert:
Subject: CN=GTE CyberTrust Root 5, OU=“GTE CyberTrust Solutions, Inc.”, O=GTE Corporation, C=US
Issuer: CN=GTE CyberTrust Root 5, OU=“GTE CyberTrust Solutions, Inc.”, O=GTE Corporation, C=US
Algorithm: RSA; Serial number: 0x1b6
Valid from Fri Aug 14 10:50:00 BRT 1998 until Wed Aug 14 20:59:00 BRT 2013

adding as trusted cert:
Subject: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362de0b35f1b
Valid from Fri Jul 09 14:31:20 BRT 1999 until Tue Jul 09 15:40:36 BRT 2019

adding as trusted cert:
Subject: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Issuer: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US
Algorithm: RSA; Serial number: 0x44be0c8b500021b411d32a6806a9ad69
Valid from Thu Jun 24 14:57:21 BRT 1999 until Mon Jun 24 16:06:30 BRT 2019

adding as trusted cert:
Subject: CN=Sonera Class2 CA, O=Sonera, C=FI
Issuer: CN=Sonera Class2 CA, O=Sonera, C=FI
Algorithm: RSA; Serial number: 0x1d
Valid from Fri Apr 06 03:29:40 BRT 2001 until Tue Apr 06 04:29:40 BRT 2021

adding as trusted cert:
Subject: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
Issuer: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE
Algorithm: RSA; Serial number: 0x2e6a000100021fd752212c115c3b
Valid from Thu Jan 12 10:38:43 BRT 2006 until Wed Dec 31 19:59:59 BRT 2025

trigger seeding of SecureRandom
done seeding SecureRandom


found key for : flexdoc
chain [0] = [
[
Version: V1
Subject: CN=flexdoc, OU=dev, C=BR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 2048 bits
modulus: 27395585641091122340278222425245120448758883917027490910244012171790976817125550719213544121696371009902489501176357422018777246075244051895598567147242015065373063053589664420798537315120864227413258777861077745859344552726899909796360848007529559062710486001471142589061556230527927808965407428335342761201187273165720613642205987505456339376961849871533705416849863460158501861461555452056063425971543598678102169554453496020297740080123540019148570594545320394632925414630600074113877789059724439594772409308889227842179625569407504445240462640737897613477086132824999466342246870107319726197953570034809324498003
public exponent: 65537
Validity: [From: Tue Feb 07 10:56:12 BRT 2012,
To: Wed Feb 06 10:56:12 BRT 2013]
Issuer: CN=flexdoc, OU=dev, C=BR
SerialNumber: [ 4f312d7c]

]
Algorithm: [SHA1withRSA]

]


adding as trusted cert:
Subject: CN=AC Certisign RFB G3, OU=Secretaria da Receita Federal do Brasil - RFB, O=ICP-Brasil, C=BR
Issuer: CN=AC Secretaria da Receita Federal do Brasil, O=ICP-Brasil, C=BR
Algorithm: RSA; Serial number: 0x3
Valid from Wed Oct 29 15:33:53 BRT 2008 until Sat Oct 29 15:33:53 BRT 2016

adding as trusted cert:
Subject: CN=AC Secretaria da Receita Federal do Brasil, O=ICP-Brasil, C=BR
Issuer: CN=Autoridade Certificadora Raiz Brasileira v1, OU=Instituto Nacional de Tecnologia da Informacao - ITI, O=ICP-Brasil, C=BR
Algorithm: RSA; Serial number: 0x5
Valid from Fri Oct 24 09:39:46 BRT 2008 until Wed Oct 24 09:39:46 BRT 2018

adding as trusted cert:
Subject: CN=Autoridade Certificadora Raiz Brasileira v1, OU=Instituto Nacional de Tecnologia da Informacao - ITI, O=ICP-Brasil, C=BR
Issuer: CN=Autoridade Certificadora Raiz Brasileira v1, OU=Instituto Nacional de Tecnologia da Informacao - ITI, O=ICP-Brasil, C=BR
Algorithm: RSA; Serial number: 0x1
Valid from Tue Jul 29 16:17:10 BRT 2008 until Thu Jul 29 16:17:10 BRT 2021

trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
matching alias: flexdoc
main, called closeSocket()
Feb 7, 2012 11:10:31 AM org.apache.coyote.http11.Http11Protocol init
INFO: Initializing Coyote HTTP/1.1 on http-8443
Feb 7, 2012 11:10:31 AM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1334 ms
Feb 7, 2012 11:10:31 AM org.apache.catalina.core.StandardService start
INFO: Starting service Catalina
Feb 7, 2012 11:10:31 AM org.apache.catalina.core.StandardEngine start
INFO: Starting Servlet Engine: Apache Tomcat/6.0.33
Feb 7, 2012 11:10:31 AM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor manager.xml
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, called close()
Finalizer, called closeInternal(true)
Feb 7, 2012 11:10:31 AM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor host-manager.xml
Feb 7, 2012 11:10:31 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory docs
Feb 7, 2012 11:10:31 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory ROOT
Feb 7, 2012 11:10:31 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory examples
Feb 7, 2012 11:10:31 AM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextInitialized()
Feb 7, 2012 11:10:31 AM org.apache.catalina.core.ApplicationContext log
INFO: SessionListener: contextInitialized()
Feb 7, 2012 11:10:31 AM org.apache.catalina.startup.HostConfig deployDirectory
INFO: Deploying web application directory teste
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Feb 7, 2012 11:10:32 AM org.apache.coyote.http11.Http11Protocol start
INFO: Starting Coyote HTTP/1.1 on http-8443

http-8443-Acceptor-0, called closeSocket()
Feb 7, 2012 11:10:32 AM org.apache.jk.common.ChannelSocket init
INFO: JK: ajp13 listening on /0.0.0.0:8009
Feb 7, 2012 11:10:32 AM org.apache.jk.server.JkMain start
INFO: Jk running ID=0 time=0/30 config=null
Feb 7, 2012 11:10:32 AM org.apache.catalina.startup.Catalina start
INFO: Server startup in 1118 ms
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
http-8443-1, setSoTimeout(60000) called
http-8443-1, READ: TLSv1 Handshake, length = 157
*** ClientHello, TLSv1
RandomCookie: GMT: 1328624204 bytes = { 185, 105, 225, 55, 191, 188, 170, 179, 107, 20, 88, 114, 147, 85, 169, 171, 130, 153, 17, 123, 6, 234, 5, 113, 172, 180, 242, 69 }
Session ID: {}
Cipher Suites: [TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x88, Unknown 0x0:0x87, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, Unknown 0x0:0x84, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, Unknown 0x0:0x45, Unknown 0x0:0x44, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, Unknown 0x0:0x96, Unknown 0x0:0x41, SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Unsupported extension server_name, [host_name: localhost]
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
Extension ec_point_formats, formats: [uncompressed]
Unsupported extension type_35, data:


%% Created: [Session-1, TLS_DHE_RSA_WITH_AES_128_CBC_SHA]
*** ServerHello, TLSv1
RandomCookie: GMT: 1328624204 bytes = { 161, 200, 44, 184, 224, 19, 94, 183, 74, 213, 75, 188, 188, 40, 207, 110, 183, 23, 126, 51, 219, 13, 120, 124, 223, 234, 164, 141 }
Session ID: {79, 49, 50, 76, 83, 192, 13, 120, 229, 3, 112, 245, 254, 79, 220, 169, 1, 225, 184, 12, 52, 214, 131, 4, 197, 119, 230, 225, 227, 179, 240, 234}
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection:


Cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: CN=flexdoc, OU=dev, C=BR
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

Key: Sun RSA public key, 2048 bits
modulus: 27395585641091122340278222425245120448758883917027490910244012171790976817125550719213544121696371009902489501176357422018777246075244051895598567147242015065373063053589664420798537315120864227413258777861077745859344552726899909796360848007529559062710486001471142589061556230527927808965407428335342761201187273165720613642205987505456339376961849871533705416849863460158501861461555452056063425971543598678102169554453496020297740080123540019148570594545320394632925414630600074113877789059724439594772409308889227842179625569407504445240462640737897613477086132824999466342246870107319726197953570034809324498003
public exponent: 65537
Validity: [From: Tue Feb 07 10:56:12 BRT 2012,
To: Wed Feb 06 10:56:12 BRT 2013]
Issuer: CN=flexdoc, OU=dev, C=BR
SerialNumber: [ 4f312d7c]

]
Algorithm: [SHA1withRSA]
Signature:

]


*** Diffie-Hellman ServerKeyExchange
DH Modulus: { 233, 230, 66, 89, 157, 53, 95, 55, 201, 127, 253, 53, 103, 18, 11, 142, 37, 201, 205, 67, 233, 39, 179, 169, 103, 15, 190, 197, 216, 144, 20, 25, 34, 210, 195, 179, 173, 36, 128, 9, 55, 153, 134, 157, 30, 132, 106, 171, 73, 250, 176, 173, 38, 210, 206, 106, 34, 33, 157, 71, 11, 206, 125, 119, 125, 74, 33, 251, 233, 194, 112, 181, 127, 96, 112, 2, 243, 206, 248, 57, 54, 148, 207, 69, 238, 54, 136, 193, 26, 140, 86, 171, 18, 122, 61, 175 }
DH Base: { 48, 71, 10, 213, 160, 5, 251, 20, 206, 45, 157, 205, 135, 227, 139, 199, 209, 177, 197, 250, 203, 174, 203, 233, 95, 25, 10, 167, 163, 29, 35, 196, 219, 188, 190, 6, 23, 69, 68, 64, 26, 91, 44, 2, 9, 101, 216, 194, 189, 33, 113, 211, 102, 132, 69, 119, 31, 116, 186, 8, 77, 32, 41, 216, 60, 28, 21, 133, 71, 243, 169, 241, 162, 113, 91, 226, 61, 81, 174, 77, 62, 90, 31, 106, 112, 100, 243, 22, 147, 58, 52, 109, 63, 82, 146, 82 }
Server DH Public Key: { 76, 92, 110, 76, 83, 237, 49, 243, 63, 58, 164, 215, 197, 197, 25, 17, 99, 30, 163, 168, 115, 198, 115, 181, 125, 138, 16, 245, 116, 75, 13, 194, 223, 179, 99, 43, 240, 75, 219, 169, 245, 24, 19, 52, 105, 37, 80, 141, 19, 76, 185, 181, 158, 52, 233, 133, 130, 236, 213, 217, 180, 163, 100, 103, 228, 169, 24, 84, 104, 241, 202, 184, 44, 56, 56, 77, 116, 159, 251, 51, 135, 221, 100, 106, 250, 41, 83, 38, 33, 43, 75, 119, 160, 76, 210, 17 }
Signed with a DSA or RSA public key
*** CertificateRequest
Cert Types: RSA, DSS
Cert Authorities:
<CN=AC Certisign RFB G3, OU=Secretaria da Receita Federal do Brasil - RFB, O=ICP-Brasil, C=BR>
<CN=AC Secretaria da Receita Federal do Brasil, O=ICP-Brasil, C=BR>
<CN=Autoridade Certificadora Raiz Brasileira v1, OU=Instituto Nacional de Tecnologia da Informacao - ITI, O=ICP-Brasil, C=BR>
*** ServerHelloDone
http-8443-1, WRITE: TLSv1 Handshake, length = 1756
http-8443-1, READ: TLSv1 Handshake, length = 109
*** Certificate chain


http-8443-1, SEND TLSv1 ALERT: fatal, description = bad_certificate
http-8443-1, WRITE: TLSv1 Alert, length = 2
http-8443-1, called closeSocket()
http-8443-1, handling exception: javax.net.ssl.SSLHandshakeException: null cert chain
http-8443-1, called close()
http-8443-1, called closeInternal(true)[/quote]

Can anyone tell me what the heck this weird SSL_BAD_CERT_ALERT error is?! lol. I've been stuck on this for 5 days already… =/

Cheers!
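
The last lines of the trace quoted above can be read mechanically. This Python sketch is an added example, not part of the original post: it walks one handshake of a server-side `javax.net.debug` trace, collects the CA names from the CertificateRequest, and counts the certificates in the client's reply. The sample input is a constructed excerpt trimmed from the quoted trace, and the function names are hypothetical.

```python
import re

# Constructed excerpt, trimmed from the javax.net.debug trace quoted in the post.
SAMPLE = """\
*** Certificate chain
chain [0] = [
Subject: CN=flexdoc, OU=dev, C=BR
]
*** CertificateRequest
Cert Authorities:
<CN=AC Certisign RFB G3, OU=Secretaria da Receita Federal do Brasil - RFB, O=ICP-Brasil, C=BR>
<CN=AC Secretaria da Receita Federal do Brasil, O=ICP-Brasil, C=BR>
*** ServerHelloDone
http-8443-1, READ: TLSv1 Handshake, length = 109
*** Certificate chain

http-8443-1, SEND TLSv1 ALERT: fatal, description = bad_certificate
http-8443-1, handling exception: javax.net.ssl.SSLHandshakeException: null cert chain
"""

def parse_client_auth(trace):
    """Summarise the client-auth part of one handshake in a server-side trace."""
    out = {"requested_cas": [], "client_chain_len": None, "alert": None, "exception": None}
    section, requested = None, False
    for line in trace.splitlines():
        if line.startswith("*** "):
            section = line[4:].split(",")[0].strip()
            requested = requested or section == "CertificateRequest"
            # The chain printed before CertificateRequest is the server's own.
            if section == "Certificate chain" and requested:
                out["client_chain_len"] = 0
        elif section == "CertificateRequest" and line.startswith("<") and line.endswith(">"):
            out["requested_cas"].append(line[1:-1])
        elif section == "Certificate chain" and requested and re.match(r"chain \[\d+\] = \[", line):
            out["client_chain_len"] += 1
        if (m := re.search(r"ALERT:\s*(\w+), description = (\w+)", line)):
            out["alert"] = (m.group(1), m.group(2))
        if (m := re.search(r"handling exception: (\S+): (.*)", line)):
            out["exception"] = (m.group(1), m.group(2))
    return out

def diagnose(info):
    # Report only what the trace itself shows.
    if info["requested_cas"] and info["client_chain_len"] == 0:
        return "client answered CertificateRequest with an empty certificate list"
    if info["alert"]:
        return "handshake ended with %s alert %s" % info["alert"]
    return "no client-auth failure in trace"

print(diagnose(parse_client_auth(SAMPLE)))
```

An empty list after a CertificateRequest is what JSSE reports as `null cert chain`, so the next check is whether the browser holds a certificate, with its private key, issued under one of the listed CA names.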

Nobody? Hehe :)

Here's a tip for anyone who wants to configure KeyTool the easy way: http://code.google.com/p/keytool-iui/