SSL exception - oxD client 2.4.3-Final, GLUU Server 2-4-3

By: Steve Sobol user 14 Jul 2016 at 12:34 a.m. CDT

43 Responses
Steve Sobol gravatar
I am running oxD Server on my Gluu server. I am attempting a connection from my laptop. I have an SSH tunnel running from the laptop's Port 8999 to 127.0.0.1:8099 on the Gluu/oxD server. When I attempt to use oxD to complete an OpenID Connect login, I see this on the server: ``` 2016-07-14 01:20:42,159 INFO [org.xdi.oxd.server.ServerLauncher] Starting... 2016-07-14 01:20:42,658 TRACE [org.xdi.oxd.server.service.ConfigurationService] Try to load configuration from system property: oxd.server.config, value: /opt/oxd-server/conf/oxd-conf.json 2016-07-14 01:20:42,933 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration loaded successfully from system property: oxd.server.config. 2016-07-14 01:20:42,933 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration: Configuration{port=8099, timeOutInSeconds=0, opHost=https://MY_GLUU_SERVER, localhostOnly=true, licenseServerEndpoint=, licenseId=} 2016-07-14 01:20:42,971 INFO [org.xdi.oxd.server.service.ConfigurationService] Configuration directory: /opt/oxd-server/conf 2016-07-14 01:20:42,975 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: oxd-default-site-config.json 2016-07-14 01:20:43,059 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-14 01:20:43,060 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-14 01:20:43,060 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: /.oxd-license 2016-07-14 01:20:43,060 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:58) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-14 01:20:43,084 INFO [org.xdi.oxd.server.service.SocketService] Server socket is bound to port: 8099, with timeout: 0 seconds. Start listening for notifications. 2016-07-14 01:22:57,119 DEBUG [org.xdi.oxd.server.service.SocketService] Start new SocketProcessor... 2016-07-14 01:22:57,123 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-14 01:22:57,124 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-14 01:22:57,124 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: /.oxd-license 2016-07-14 01:22:57,125 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.license.LicenseService$$FastClassByGuice$$bd74ee5e.newInstance(<generated>) at com.google.inject.internal.cglib.reflect.$FastConstructor.newInstance(FastConstructor.java:40) at com.google.inject.internal.DefaultConstructionProxyFactory$1.newInstance(DefaultConstructionProxyFactory.java:60) at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:85) at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254) at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1031) at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) at com.google.inject.Scopes$1$1.get(Scopes.java:65) at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40) at com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:978) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1024) at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:974) at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1013) at org.xdi.oxd.server.SocketProcessor.<init>(SocketProcessor.java:37) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:85) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-14 01:22:57,135 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2016-07-14 01:22:57,135 TRACE [org.xdi.oxd.common.CoreUtils] commandSize: -1, stringStorage: 2016-07-14 01:22:57,784 TRACE [org.xdi.oxd.common.CoreUtils] Parsed sizeString: 0364, commandSize: 364 2016-07-14 01:22:57,785 TRACE [org.xdi.oxd.common.CoreUtils] Read result: ReadResult{m_command='{"command":"implicit_flow","params":{"scope":"openid","nonce":"04617fcf-9534-48fd-8a26-c4b141f1e4bc","discovery_url":"https://MY_GLUU_SERVER/.well-known/openid-configuration","redirect_url":"https://MY_WEBSITE/callback","client_id":"@!MY_CLIENT_ID","client_secret":"test","user_id":"test","user_secret":"test"}}', m_leftString=''} 2016-07-14 01:22:57,786 TRACE [org.xdi.oxd.server.Processor] Command: {"command":"implicit_flow","params":{"scope":"openid","nonce":"04617fcf-9534-48fd-8a26-c4b141f1e4bc","discovery_url":"https://MY_GLUU_SERVER/.well-known/openid-configuration","redirect_url":"https://MY_WEBSITE/callback","client_id":"@!MY_CLIENT_ID","client_secret":"test","user_id":"test","user_secret":"test"}} 2016-07-14 01:22:57,870 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client. 2016-07-14 01:22:58,808 ERROR [org.xdi.oxauth.client.OpenIdConfigurationClient] peer not authenticated javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:645) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) at org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:109) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:39) at org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPInterceptor.execute(AcceptEncodingGZIPInterceptor.java:40) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45) at org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:443) at org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:677) at org.jboss.resteasy.client.ClientRequest.get(ClientRequest.java:479) at org.jboss.resteasy.client.ClientRequest.get(ClientRequest.java:508) at org.xdi.oxauth.client.OpenIdConfigurationClient._execOpenIdConfiguration(OpenIdConfigurationClient.java:102) at org.xdi.oxauth.client.OpenIdConfigurationClient.execOpenIdConfiguration(OpenIdConfigurationClient.java:78) at org.xdi.oxd.server.service.DiscoveryService.getConnectDiscoveryResponse(DiscoveryService.java:60) at org.xdi.oxd.server.op.ImplicitFlowOperation.execute(ImplicitFlowOperation.java:42) at org.xdi.oxd.server.Processor.process(Processor.java:96) at org.xdi.oxd.server.Processor.process(Processor.java:50) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:61) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) 2016-07-14 01:22:58,810 ERROR [org.xdi.oxd.server.service.DiscoveryService] java.lang.NullPointerException at org.xdi.oxd.server.service.DiscoveryService.getConnectDiscoveryResponse(DiscoveryService.java:61) at org.xdi.oxd.server.op.ImplicitFlowOperation.execute(ImplicitFlowOperation.java:42) at org.xdi.oxd.server.Processor.process(Processor.java:96) at org.xdi.oxd.server.Processor.process(Processor.java:50) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:61) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) 2016-07-14 01:22:58,811 ERROR [org.xdi.oxd.server.service.DiscoveryService] Unable to fetch discovery information for url: https://MY_GLUU_SERVER/.well-known/openid-configuration 2016-07-14 01:22:58,876 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"error","data":{"error":"internal_error","error_description":"Internal server error occurs."}} 2016-07-14 01:22:58,877 ERROR [org.xdi.oxd.server.SocketProcessor] Quit. Enable to process command. ``` I am executing this code in a servlet: ``` @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException,IOException { CommandClient client = null; try { client = new CommandClient("127.0.0.1",8999); final ImplicitFlowParams commandParams = new ImplicitFlowParams(); commandParams.setClientId("ClientID"); commandParams.setClientSecret("Secret"); commandParams.setDiscoveryUrl("https://MY_GLUU_SERVER/.well-known/openid-configuration"); commandParams.setNonce(UUID.randomUUID().toString()); commandParams.setRedirectUrl("https://MY_WEBSITE/callback"); commandParams.setScope("openid"); commandParams.setUserId("test"); commandParams.setUserSecret("test"); final Command command = new Command(CommandType.IMPLICIT_FLOW); command.setParamsObject(commandParams); final ImplicitFlowResponse flowResp = client.send(command).dataAsResponse(ImplicitFlowResponse.class); } finally { CommandClient.closeQuietly(client); } } ``` My Gluu server uses a Comodo domain-validated SSL certificate. The Comodo certs require intermediate certs to be installed; they are, and when I log onto the Gluu server in a web browser, I can do so with no errors or warnings. Need help, please.
U1404
closed

Answers

By Yuriy Zabrovarnyy staff 14 Jul 2016 at 1:33 a.m. CDT

Copy
Yuriy Zabrovarnyy gravatar
Please import certificate into your java cacert store then HttpClient can correctly validate it. http://stackoverflow.com/questions/4325263/how-to-import-a-cer-certificate-into-a-java-keystore The other possible solution is to create trust store file and point to it with trust_store_path property in oxd-conf.json file (oxd restart is required). ``` https://docs.oracle.com/cd/E19509-01/820-3503/6nf1il6er/index.html ``` To trace SSL problem in detail you may want to start oxd with this system parameter ``` -Djavax.net.debug=ssl:handshake ``` Thanks, Yuriy Z

By Steve Sobol user 14 Jul 2016 at 11:34 a.m. CDT

Copy
Steve Sobol gravatar
I don't like messing around with cacerts so I used a separate truststore, in JKS format. Same problem. I noted that there (apparently) isn't a way to tell the oxD server which password to use for the truststore.

By Steve Sobol user 14 Jul 2016 at 11:37 a.m. CDT

Copy
Steve Sobol gravatar
I also just tried changing the cert's alias. Now it matches the hostname of my Gluu server. Still no luck. I guess I will have to try modifying cacerts instead.

By Steve Sobol user 14 Jul 2016 at 11:58 a.m. CDT

Copy
Steve Sobol gravatar
Tried downloading cacerts, examining it with Keystore Explorer... only one of the three Comodo intermediate CA certificates I need were installed. Put the other two in. Upload cacerts and put it into place in /etc/ssl/java. Restarted oxD. No love. Added the cert I purchased for my Gluu server. Uploaded, etc. Restarted. No love. I thought the problem might be the JVM. I forgot to install the Oracle JVM, so Gluu was using openjdk. Turns out it doesn't matter since on Ubuntu 14.04, both openjdk and Oracle use /etc/ssl/java/cacerts. Not sure where to go from here.

By Yuriy Zabrovarnyy staff 14 Jul 2016 at 2:46 p.m. CDT

Copy
Yuriy Zabrovarnyy gravatar
Ok, lets trace it in details if you don't mind. Please install this 2.4.3 oxd version : http://ox.gluu.org/maven/org/xdi/oxd-server/2.4.3-SNAPSHOT/oxd-server-2.4.3-SNAPSHOT-distribution.zip Which corresponds to latest git branch 2.4.3 sources. We need : 1) trust_all_certs = true Try your scenario and attach full oxd-server.log 2) import you valid certificate into your java cert store and check whether it works. Make sure your oxd java command that starts oxd server and certs are for same java. Try your scenario and attach full oxd-server.log I've checked both those scenarios and both works for me. Looking forward for more info from you. Thanks, Yuriy Z

By Yuriy Zabrovarnyy staff 14 Jul 2016 at 2:49 p.m. CDT

Copy
Yuriy Zabrovarnyy gravatar
About specifying password for trust store, I will provide hotfix today. Thanks, Yuriy Z

By Yuriy Zabrovarnyy staff 14 Jul 2016 at 3:20 p.m. CDT

Copy
Yuriy Zabrovarnyy gravatar
Hotfix is done. Now you can specify trust store password in oxd config as trust_store_password. Please download oxd 2.4.3 from here http://ox.gluu.org/maven/org/xdi/oxd-server/2.4.3-SNAPSHOT/. Time stamp must be "2016-07-14 16:16". Thanks, Yuriy Z

By Steve Sobol user 15 Jul 2016 at 12:25 p.m. CDT

Copy
Steve Sobol gravatar
Ok. I should be able to take care of this later today. I've downloaded the snapshot. Thank you for the excellent support

By Steve Sobol user 15 Jul 2016 at 3:56 p.m. CDT

Copy
Steve Sobol gravatar
This... is interesting. Using the Oracle JVM, when I set **trust_store_path**, I still see ``` trustStore is: /usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts trustStore type is : jks trustStore provider is : ``` **trust_store_path **is set to /home/sjsobol/oxd/conf/sso.jks, a keystore containing only the server's SSL cert and the three intermediate certs. **/usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts** is a symbolic link to **/etc/ssl/certs/java/cacerts.** So I temporarily replace the JVM's cacerts file with the keystore I have created that only contains my four certs. I can now see that my cert IS being loaded but I'm still getting the same error. So I'm thinking, maybe the **trust_store_path **is being ignored? And **trust_store_password ** too...?

By Yuriy Zabrovarnyy staff 17 Jul 2016 at 11:20 a.m. CDT

Copy
Yuriy Zabrovarnyy gravatar
cacerts is store of your JVM. trust_store_path points to store that is used by http client that performs calls from oxd outside. It's totally independent things. If you are interested here is code : https://github.com/GluuFederation/oxd/blob/version_2.4.3/oxd-common/src/main/java/org/xdi/oxd/common/CoreUtils.java#L222 What about logs and trust_all option? What are exact problems with ssl if your certs are present? You can check it if run oxd with following parameters ``` -Djavax.net.debug=all ``` or ``` -Djavax.net.debug=ssl:handshake:verbose ```

By Steve Sobol user 18 Jul 2016 at 11:30 p.m. CDT

Copy
Steve Sobol gravatar
I didn't see my cert being loaded when I used a separate keystore and set trust_store_path, so for now I've just imported the cert into cacerts and I can see it's being loaded. ``` adding as trusted cert: Subject: CN=MY_SERVER_HOSTNAME, OU=PositiveSSL, OU=Domain Control Validated Issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: RSA; Serial number: 0x619e7f18c2c665d07f0a7ca2cd0f3e02 Valid from Fri Jun 10 20:00:00 EDT 2016 until Tue Jun 11 19:59:59 EDT 2019 ``` Here's my config ``` { "port":8099, "localhost_only":true, "time_out_in_seconds":0, "jetty_port":8098, "start_jetty":false, "use_client_authentication_for_pat":true, "trust_all_certs":true, "trust_store_path":"", "license_server_endpoint":"", "license_id":"", "license_check_period_in_hours": 24, "public_key":"", "public_password":"", "license_password":"", "op_host":"https://MY_SERVER_HOSTNAME:443" } ``` Logs: ``` BASEDIR=. CONF=./../conf/oxd-conf.json 2016-07-19 00:26:22,089 INFO [org.xdi.oxd.server.ServerLauncher] Starting... 2016-07-19 00:26:22,227 TRACE [org.xdi.oxd.server.service.ConfigurationService] Try to load configuration from system property: oxd.server.config, value: ./../conf/oxd-conf.json 2016-07-19 00:26:22,401 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration loaded successfully from system property: oxd.server.config. 2016-07-19 00:26:22,402 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration: Configuration{port=8099, timeOutInSeconds=0, jettyPort=8098, startJetty=false, registerClientAppType='web', registerClientResponesType='code', localhostOnly=true, useClientAuthenticationForPat=true, trustAllCerts=true, keyStorePath='', keyStorePassword='null', licenseServerEndpoint='', licenseId='', publicKey='', publicPassword='', licensePassword='', licenseCheckPeriodInHours=24, opHost='https://MY_SERVER_HOSTNAME:443'} 2016-07-19 00:26:22,416 INFO [org.xdi.oxd.server.service.ConfigurationService] Configuration directory: ./../conf 2016-07-19 00:26:22,419 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: oxd-default-site-config.json 2016-07-19 00:26:22,471 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-19 00:26:22,471 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-19 00:26:22,471 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: /home/sjsobol/oxd/bin/.oxd-license 2016-07-19 00:26:22,472 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:58) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-19 00:26:22,486 INFO [org.xdi.oxd.server.service.SocketService] Server runs in free license mode which delays commands execution on 0.5 second for each command. In order to remove the transaction limitations placed on the free version of oxD, you need to purchase a commercial license at oxd.gluu.org 2016-07-19 00:26:22,487 INFO [org.xdi.oxd.server.service.SocketService] Server socket is bound to port: 8099, with timeout: 0 seconds. Start listening for notifications. 2016-07-19 00:26:31,608 DEBUG [org.xdi.oxd.server.service.SocketService] Start new SocketProcessor... 2016-07-19 00:26:31,611 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-19 00:26:31,611 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-19 00:26:31,611 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: /home/sjsobol/oxd/bin/.oxd-license 2016-07-19 00:26:31,612 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.license.LicenseService$$FastClassByGuice$$bd74ee5e.newInstance(<generated>) at com.google.inject.internal.cglib.reflect.$FastConstructor.newInstance(FastConstructor.java:40) at com.google.inject.internal.DefaultConstructionProxyFactory$1.newInstance(DefaultConstructionProxyFactory.java:60) at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:85) at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254) at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1031) at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) at com.google.inject.Scopes$1$1.get(Scopes.java:65) at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40) at com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:978) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1024) at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:974) at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1013) at org.xdi.oxd.server.SocketProcessor.<init>(SocketProcessor.java:37) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:91) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-19 00:26:31,617 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2016-07-19 00:26:31,617 TRACE [org.xdi.oxd.common.CoreUtils] commandSize: -1, stringStorage: 2016-07-19 00:26:31,710 TRACE [org.xdi.oxd.common.CoreUtils] Parsed sizeString: 0364, commandSize: 364 2016-07-19 00:26:31,711 TRACE [org.xdi.oxd.common.CoreUtils] Read result: ReadResult{m_command='{"command":"implicit_flow","params":{"scope":"openid","nonce":"22a589d1-7a9a-4d1c-a2a9-b9d1c665e1a8","discovery_url":"https://MY_SERVER_HOSTNAME/.well-known/openid-configuration","redirect_url":"MY_CALLBACK_URL","client_id":"@!2920.FAD2.FB38.9BC5!0001!9227.0E3D!0008!9EC6.7B6C","client_secret":"test","user_id":"test","user_secret":"test"}}', m_leftString=''} 2016-07-19 00:26:31,711 TRACE [org.xdi.oxd.server.Processor] Command: {"command":"implicit_flow","params":{"scope":"openid","nonce":"22a589d1-7a9a-4d1c-a2a9-b9d1c665e1a8","discovery_url":"https://MY_SERVER_HOSTNAME/.well-known/openid-configuration","redirect_url":"MY_CALLBACK_URL","client_id":"@!2920.FAD2.FB38.9BC5!0001!9227.0E3D!0008!9EC6.7B6C","client_secret":"test","user_id":"test","user_secret":"test"}} 2016-07-19 00:26:32,281 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client. trustStore is: /usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts trustStore type is : jks trustStore provider is : init truststore adding as trusted cert: Subject: CN=Hongkong Post Root CA 1, O=Hongkong Post, C=HK Issuer: CN=Hongkong Post Root CA 1, O=Hongkong Post, C=HK Algorithm: RSA; Serial number: 0x3e8 Valid from Thu May 15 01:13:14 EDT 2003 until Mon May 15 00:52:29 EDT 2023 adding as trusted cert: Subject: CN=SecureTrust CA, O=SecureTrust Corporation, C=US Issuer: CN=SecureTrust CA, O=SecureTrust Corporation, C=US Algorithm: RSA; Serial number: 0xcf08e5c0816a5ad427ff0eb271859d0 Valid from Tue Nov 07 14:31:18 EST 2006 until Mon Dec 31 14:40:55 EST 2029 adding as trusted cert: Subject: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Issuer: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Algorithm: EC; Serial number: 0xa68b79290000000050d091f9 Valid from Tue Dec 18 10:25:36 EST 2012 until Fri Dec 18 10:55:36 EST 2037 adding as trusted cert: Subject: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP Issuer: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP Algorithm: RSA; Serial number: 0x0 Valid from Tue Sep 30 00:20:49 EDT 2003 until Sat Sep 30 00:20:49 EDT 2023 adding as trusted cert: Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a Valid from Thu Nov 09 19:00:00 EST 2006 until Sun Nov 09 19:00:00 EST 2031 adding as trusted cert: Subject: CN=Microsec e-Szigno Root CA, OU=e-Szigno CA, O=Microsec Ltd., L=Budapest, C=HU Issuer: CN=Microsec e-Szigno Root CA, OU=e-Szigno CA, O=Microsec Ltd., L=Budapest, C=HU Algorithm: RSA; Serial number: 0xccb8e7bf4e291afda2dc66a51c2c0f11 Valid from Wed Apr 06 08:28:44 EDT 2005 until Thu Apr 06 08:28:44 EDT 2017 adding as trusted cert: Subject: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x445734245b81899b35f2ceb82b3b5ba726f07528 Valid from Thu Jan 12 13:59:32 EST 2012 until Sun Jan 12 13:59:32 EST 2042 adding as trusted cert: Subject: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0x59b1b579e8e2132e23907bda777755c Valid from Thu Aug 01 08:00:00 EDT 2013 until Fri Jan 15 07:00:00 EST 2038 adding as trusted cert: Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US Algorithm: RSA; Serial number: 0x4 Valid from Mon Jun 21 00:00:00 EDT 1999 until Sun Jun 21 00:00:00 EDT 2020 adding as trusted cert: Subject: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x18acb56afd69b6153a636cafdafac4a1 Valid from Sun Nov 26 19:00:00 EST 2006 until Wed Jul 16 19:59:59 EDT 2036 adding as trusted cert: Subject: C=IL, O=ComSign, CN=ComSign CA Issuer: C=IL, O=ComSign, CN=ComSign CA Algorithm: RSA; Serial number: 0x1413968314558cea7b63e5fc34877744 Valid from Wed Mar 24 06:32:18 EST 2004 until Mon Mar 19 11:02:18 EDT 2029 adding as trusted cert: Subject: O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007, L=Ankara, C=TR, CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı Issuer: O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007, L=Ankara, C=TR, CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı Algorithm: RSA; Serial number: 0x1 Valid from Tue Dec 25 13:37:19 EST 2007 until Fri Dec 22 13:37:19 EST 2017 adding as trusted cert: Subject: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP Issuer: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP Algorithm: RSA; Serial number: 0x0 Valid from Fri May 29 01:00:39 EDT 2009 until Tue May 29 01:00:39 EDT 2029 adding as trusted cert: Subject: CN=Staat der Nederlanden Root CA, O=Staat der Nederlanden, C=NL Issuer: CN=Staat der Nederlanden Root CA, O=Staat der Nederlanden, C=NL Algorithm: RSA; Serial number: 0x98968a Valid from Tue Dec 17 04:23:49 EST 2002 until Wed Dec 16 04:15:38 EST 2015 adding as trusted cert: Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6 Valid from Sun May 17 20:00:00 EDT 1998 until Tue Aug 01 19:59:59 EDT 2028 adding as trusted cert: Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US Algorithm: RSA; Serial number: 0x1 Valid from Mon Jun 21 00:00:00 EDT 1999 until Sun Jun 21 00:00:00 EDT 2020 adding as trusted cert: Subject: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW Issuer: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW Algorithm: RSA; Serial number: 0x15c8bd65475cafb897005ee406d2bc9d Valid from Sun Dec 19 21:31:27 EST 2004 until Tue Dec 19 21:31:27 EST 2034 adding as trusted cert: Subject: CN=AffirmTrust Commercial, O=AffirmTrust, C=US Issuer: CN=AffirmTrust Commercial, O=AffirmTrust, C=US Algorithm: RSA; Serial number: 0x7777062726a9b17c Valid from Fri Jan 29 09:06:06 EST 2010 until Tue Dec 31 09:06:06 EST 2030 adding as trusted cert: Subject: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL Issuer: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL Algorithm: RSA; Serial number: 0x444c0 Valid from Wed Oct 22 08:07:37 EDT 2008 until Mon Dec 31 07:07:37 EST 2029 adding as trusted cert: Subject: CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL Issuer: CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL Algorithm: RSA; Serial number: 0x1 Valid from Sun Sep 17 15:46:36 EDT 2006 until Wed Sep 17 15:46:36 EDT 2036 adding as trusted cert: Subject: CN=Certinomis - Autorité Racine, OU=0002 433998903, O=Certinomis, C=FR Issuer: CN=Certinomis - Autorité Racine, OU=0002 433998903, O=Certinomis, C=FR Algorithm: RSA; Serial number: 0x1 Valid from Wed Sep 17 04:28:59 EDT 2008 until Sun Sep 17 04:28:59 EDT 2028 adding as trusted cert: Subject: CN=DST ACES CA X6, OU=DST ACES, O=Digital Signature Trust, C=US Issuer: CN=DST ACES CA X6, OU=DST ACES, O=Digital Signature Trust, C=US Algorithm: RSA; Serial number: 0xd5e990ad69db778ecd807563b8615d9 Valid from Thu Nov 20 16:19:58 EST 2003 until Mon Nov 20 16:19:58 EST 2017 adding as trusted cert: Subject: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US Issuer: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US Algorithm: RSA; Serial number: 0x50946cec18ead59c4dd597ef758fa0ad Valid from Mon Nov 01 12:14:04 EST 2004 until Mon Jan 01 00:37:19 EST 2035 adding as trusted cert: Subject: CN=EC-ACC, OU=Jerarquia Entitats de Certificacio Catalanes, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Serveis Publics de Certificacio, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), C=ES Issuer: CN=EC-ACC, OU=Jerarquia Entitats de Certificacio Catalanes, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Serveis Publics de Certificacio, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), C=ES Algorithm: RSA; Serial number: 0x-11d4c2142bde21eb579d53fb0c223bff Valid from Tue Jan 07 18:00:00 EST 2003 until Tue Jan 07 17:59:59 EST 2031 adding as trusted cert: Subject: CN=CA Disig Root R1, O=Disig a.s., L=Bratislava, C=SK Issuer: CN=CA Disig Root R1, O=Disig a.s., L=Bratislava, C=SK Algorithm: RSA; Serial number: 0xc3039aee50906e28 Valid from Thu Jul 19 05:06:56 EDT 2012 until Sat Jul 19 05:06:56 EDT 2042 adding as trusted cert: Subject: CN=Sonera Class2 CA, O=Sonera, C=FI Issuer: CN=Sonera Class2 CA, O=Sonera, C=FI Algorithm: RSA; Serial number: 0x1d Valid from Fri Apr 06 03:29:40 EDT 2001 until Tue Apr 06 03:29:40 EDT 2021 adding as trusted cert: Subject: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Algorithm: EC; Serial number: 0x3cb2f4480a00e2feeb243b5e603ec36b Valid from Sun Nov 04 19:00:00 EST 2007 until Mon Jan 18 18:59:59 EST 2038 adding as trusted cert: Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US Algorithm: RSA; Serial number: 0x35def4cf Valid from Sat Aug 22 12:41:51 EDT 1998 until Wed Aug 22 12:41:51 EDT 2018 adding as trusted cert: Subject: CN=Certinomis - Root CA, OU=0002 433998903, O=Certinomis, C=FR Issuer: CN=Certinomis - Root CA, OU=0002 433998903, O=Certinomis, C=FR Algorithm: RSA; Serial number: 0x1 Valid from Mon Oct 21 05:17:18 EDT 2013 until Fri Oct 21 05:17:18 EDT 2033 adding as trusted cert: Subject: CN=CA 沃通根证书, O=WoSign CA Limited, C=CN Issuer: CN=CA 沃通根证书, O=WoSign CA Limited, C=CN Algorithm: RSA; Serial number: 0x50706bcdd813fc1b4e3b3372d211488d Valid from Fri Aug 07 21:00:01 EDT 2009 until Sun Aug 07 21:00:01 EDT 2039 adding as trusted cert: Subject: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: EC; Serial number: 0x1f47afaa62007050544c019e9b63992a Valid from Wed Mar 05 19:00:00 EST 2008 until Mon Jan 18 18:59:59 EST 2038 adding as trusted cert: Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0x2ac5c266a0b409b8f0b79f2ae462577 Valid from Thu Nov 09 19:00:00 EST 2006 until Sun Nov 09 19:00:00 EST 2031 adding as trusted cert: Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 Algorithm: RSA; Serial number: 0x4000000000121585308a2 Valid from Wed Mar 18 06:00:00 EDT 2009 until Sun Mar 18 06:00:00 EDT 2029 adding as trusted cert: Subject: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x1 Valid from Thu Mar 04 00:00:00 EST 2004 until Sun Mar 04 00:00:00 EST 2029 adding as trusted cert: Subject: CN=Certification Authority of WoSign, O=WoSign CA Limited, C=CN Issuer: CN=Certification Authority of WoSign, O=WoSign CA Limited, C=CN Algorithm: RSA; Serial number: 0x5e68d61171946350560068f33ec9c591 Valid from Fri Aug 07 21:00:01 EDT 2009 until Sun Aug 07 21:00:01 EDT 2039 adding as trusted cert: Subject: CN=GeoTrust Universal CA 2, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Universal CA 2, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x1 Valid from Thu Mar 04 00:00:00 EST 2004 until Sun Mar 04 00:00:00 EST 2029 adding as trusted cert: Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE Algorithm: RSA; Serial number: 0x20000b9 Valid from Fri May 12 14:46:00 EDT 2000 until Mon May 12 19:59:00 EDT 2025 adding as trusted cert: Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: RSA; Serial number: 0x1 Valid from Wed Dec 31 19:00:00 EST 2003 until Sun Dec 31 18:59:59 EST 2028 adding as trusted cert: Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US Algorithm: RSA; Serial number: 0x0 Valid from Tue Jun 29 13:39:16 EDT 2004 until Thu Jun 29 13:39:16 EDT 2034 adding as trusted cert: Subject: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU Issuer: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU Algorithm: RSA; Serial number: 0x0 Valid from Tue Sep 30 12:13:43 EDT 2003 until Wed Sep 30 12:13:44 EDT 2037 adding as trusted cert: Subject: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US Issuer: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362afe650afd Valid from Fri Jul 09 14:10:42 EDT 1999 until Tue Jul 09 14:19:22 EDT 2019 adding as trusted cert: Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57 Valid from Thu Sep 30 20:00:00 EDT 1999 until Wed Jul 16 19:59:59 EDT 2036 adding as trusted cert: Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE Algorithm: RSA; Serial number: 0x40000000001154b5ac394 Valid from Tue Sep 01 08:00:00 EDT 1998 until Fri Jan 28 07:00:00 EST 2028 adding as trusted cert: Subject: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş., L=Ankara, C=TR Issuer: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş., L=Ankara, C=TR Algorithm: RSA; Serial number: 0x8e17fe242081 Valid from Tue Apr 30 04:07:01 EDT 2013 until Fri Apr 28 04:07:01 EDT 2023 adding as trusted cert: Subject: CN=AffirmTrust Networking, O=AffirmTrust, C=US Issuer: CN=AffirmTrust Networking, O=AffirmTrust, C=US Algorithm: RSA; Serial number: 0x7c4f04391cd4992d Valid from Fri Jan 29 09:08:24 EST 2010 until Tue Dec 31 09:08:24 EST 2030 adding as trusted cert: Subject: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW Issuer: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW Algorithm: RSA; Serial number: 0xcbe Valid from Wed Jun 27 02:28:33 EDT 2012 until Tue Dec 31 10:59:59 EST 2030 adding as trusted cert: Subject: CN=AffirmTrust Premium, O=AffirmTrust, C=US Issuer: CN=AffirmTrust Premium, O=AffirmTrust, C=US Algorithm: RSA; Serial number: 0x6d8c1446b1a60aee Valid from Fri Jan 29 09:10:36 EST 2010 until Mon Dec 31 09:10:36 EST 2040 adding as trusted cert: Subject: CN=NetLock Expressz (Class C) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU Issuer: CN=NetLock Expressz (Class C) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU Algorithm: RSA; Serial number: 0x68 Valid from Thu Feb 25 09:08:11 EST 1999 until Wed Feb 20 09:08:11 EST 2019 adding as trusted cert: Subject: EMAILADDRESS=igca@sgdn.pm.gouv.fr, CN=IGC/A, OU=DCSSI, O=PM/SGDN, L=Paris, ST=France, C=FR Issuer: EMAILADDRESS=igca@sgdn.pm.gouv.fr, CN=IGC/A, OU=DCSSI, O=PM/SGDN, L=Paris, ST=France, C=FR Algorithm: RSA; Serial number: 0x3911451094 Valid from Fri Dec 13 09:29:23 EST 2002 until Sat Oct 17 10:29:22 EDT 2020 adding as trusted cert: Subject: O=Government Root Certification Authority, C=TW Issuer: O=Government Root Certification Authority, C=TW Algorithm: RSA; Serial number: 0x1f9d595ad72fc20644a5800869e35ef6 Valid from Thu Dec 05 08:23:33 EST 2002 until Sun Dec 05 08:23:33 EST 2032 adding as trusted cert: Subject: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x15ac6e9419b2794b41f627a9c3180f1f Valid from Tue Apr 01 20:00:00 EDT 2008 until Tue Dec 01 18:59:59 EST 2037 adding as trusted cert: Subject: CN=TWCA Root Certification Authority, OU=Root CA, O=TAIWAN-CA, C=TW Issuer: CN=TWCA Root Certification Authority, OU=Root CA, O=TAIWAN-CA, C=TW Algorithm: RSA; Serial number: 0x1 Valid from Thu Aug 28 03:24:33 EDT 2008 until Tue Dec 31 10:59:59 EST 2030 adding as trusted cert: Subject: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Issuer: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Algorithm: RSA; Serial number: 0xa3da427ea4b1aeda Valid from Fri Aug 01 08:29:50 EDT 2008 until Sat Jul 31 08:29:50 EDT 2038 adding as trusted cert: Subject: C=DE, O=Atos, CN=Atos TrustedRoot 2011 Issuer: C=DE, O=Atos, CN=Atos TrustedRoot 2011 Algorithm: RSA; Serial number: 0x5c33cb622c5fb332 Valid from Thu Jul 07 10:58:30 EDT 2011 until Tue Dec 31 18:59:59 EST 2030 adding as trusted cert: Subject: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH Issuer: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH Algorithm: RSA; Serial number: 0x4f1bd42f54bb2f4b Valid from Wed Oct 25 04:32:46 EDT 2006 until Sat Oct 25 04:32:46 EDT 2036 adding as trusted cert: Subject: CN=CNNIC ROOT, O=CNNIC, C=CN Issuer: CN=CNNIC ROOT, O=CNNIC, C=CN Algorithm: RSA; Serial number: 0x49330001 Valid from Mon Apr 16 03:09:14 EDT 2007 until Fri Apr 16 03:09:14 EDT 2027 adding as trusted cert: Subject: CN=SecureSign RootCA11, O="Japan Certification Services, Inc.", C=JP Issuer: CN=SecureSign RootCA11, O="Japan Certification Services, Inc.", C=JP Algorithm: RSA; Serial number: 0x1 Valid from Wed Apr 08 00:56:47 EDT 2009 until Sun Apr 08 00:56:47 EDT 2029 adding as trusted cert: Subject: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Issuer: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Algorithm: RSA; Serial number: 0x4a538c28 Valid from Tue Jul 07 13:25:54 EDT 2009 until Sat Dec 07 12:55:54 EST 2030 adding as trusted cert: Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0xce7e0e517d846fe8fe560fc1bf03039 Valid from Thu Nov 09 19:00:00 EST 2006 until Sun Nov 09 19:00:00 EST 2031 adding as trusted cert: Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US Algorithm: RSA; Serial number: 0x0 Valid from Tue Jun 29 13:06:20 EDT 2004 until Thu Jun 29 13:06:20 EDT 2034 adding as trusted cert: Subject: CN=Secure Global CA, O=SecureTrust Corporation, C=US Issuer: CN=Secure Global CA, O=SecureTrust Corporation, C=US Algorithm: RSA; Serial number: 0x75622a4e8d48a894df413c8f0f8eaa5 Valid from Tue Nov 07 14:42:28 EST 2006 until Mon Dec 31 14:52:06 EST 2029 adding as trusted cert: Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE Algorithm: RSA; Serial number: 0x1 Valid from Tue May 30 06:48:38 EDT 2000 until Sat May 30 06:48:38 EDT 2020 adding as trusted cert: Subject: CN=Secure Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=Secure Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: RSA; Serial number: 0x1 Valid from Wed Dec 31 19:00:00 EST 2003 until Sun Dec 31 18:59:59 EST 2028 adding as trusted cert: Subject: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Issuer: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Algorithm: RSA; Serial number: 0x1 Valid from Wed Oct 01 06:29:56 EDT 2008 until Sat Oct 01 19:59:59 EDT 2033 adding as trusted cert: Subject: CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: EC; Serial number: 0x55556bcf25ea43535c3a40fd5ab4572 Valid from Thu Aug 01 08:00:00 EDT 2013 until Fri Jan 15 07:00:00 EST 2038 adding as trusted cert: Subject: CN=Swisscom Root CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch Issuer: CN=Swisscom Root CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch Algorithm: RSA; Serial number: 0x5c0b855c0be75941df57cc3f7f9da836 Valid from Thu Aug 18 08:06:20 EDT 2005 until Mon Aug 18 18:06:20 EDT 2025 adding as trusted cert: Subject: CN=PSCProcert, C=VE, O=Sistema Nacional de Certificacion Electronica, OU=Proveedor de Certificados PROCERT, ST=Miranda, L=Chacao, EMAILADDRESS=contacto@procert.net.ve Issuer: EMAILADDRESS=acraiz@suscerte.gob.ve, OU=Superintendencia de Servicios de Certificacion Electronica, O=Sistema Nacional de Certificacion Electronica, ST=Distrito Capital, L=Caracas, C=VE, CN=Autoridad de Certificacion Raiz del Estado Venezolano Algorithm: RSA; Serial number: 0xb Valid from Tue Dec 28 11:51:00 EST 2010 until Fri Dec 25 18:59:59 EST 2020 adding as trusted cert: Subject: CN=Juur-SK, O=AS Sertifitseerimiskeskus, C=EE, EMAILADDRESS=pki@sk.ee Issuer: CN=Juur-SK, O=AS Sertifitseerimiskeskus, C=EE, EMAILADDRESS=pki@sk.ee Algorithm: RSA; Serial number: 0x3b8e4bfc Valid from Thu Aug 30 10:23:01 EDT 2001 until Fri Aug 26 10:23:01 EDT 2016 adding as trusted cert: Subject: C=TR, O=EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., CN=EBG Elektronik Sertifika Hizmet Sağlayıcısı Issuer: C=TR, O=EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., CN=EBG Elektronik Sertifika Hizmet Sağlayıcısı Algorithm: RSA; Serial number: 0x4caf73421c8e7402 Valid from Wed Aug 16 20:21:09 EDT 2006 until Sat Aug 13 20:31:09 EDT 2016 adding as trusted cert: Subject: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US Issuer: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336252567c989 Valid from Fri Jul 09 13:28:50 EDT 1999 until Tue Jul 09 13:36:58 EDT 2019 adding as trusted cert: Subject: CN=GeoTrust Global CA 2, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Global CA 2, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x1 Valid from Thu Mar 04 00:00:00 EST 2004 until Mon Mar 04 00:00:00 EST 2019 adding as trusted cert: Subject: CN=Class 2 Primary CA, O=Certplus, C=FR Issuer: CN=Class 2 Primary CA, O=Certplus, C=FR Algorithm: RSA; Serial number: 0x85bd4bf3d8dae369f694d75fc3a54423 Valid from Wed Jul 07 13:05:00 EDT 1999 until Sat Jul 06 19:59:59 EDT 2019 adding as trusted cert: Subject: CN=OISTE WISeKey Global Root GA CA, OU=OISTE Foundation Endorsed, OU=Copyright (c) 2005, O=WISeKey, C=CH Issuer: CN=OISTE WISeKey Global Root GA CA, OU=OISTE Foundation Endorsed, OU=Copyright (c) 2005, O=WISeKey, C=CH Algorithm: RSA; Serial number: 0x413d72c7f46b1f81437df1d22854df9a Valid from Sun Dec 11 11:03:44 EST 2005 until Fri Dec 11 11:09:51 EST 2037 adding as trusted cert: Subject: EMAILADDRESS=info@netlock.hu, CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU Issuer: EMAILADDRESS=info@netlock.hu, CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU Algorithm: RSA; Serial number: 0x7b Valid from Sat Mar 29 20:47:11 EST 2003 until Wed Dec 14 20:47:11 EST 2022 adding as trusted cert: Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x23456 Valid from Tue May 21 00:00:00 EDT 2002 until Sat May 21 00:00:00 EDT 2022 adding as trusted cert: Subject: CN=Network Solutions Certificate Authority, O=Network Solutions L.L.C., C=US Issuer: CN=Network Solutions Certificate Authority, O=Network Solutions L.L.C., C=US Algorithm: RSA; Serial number: 0x57cb336fc25c16e6471617e3903168e0 Valid from Thu Nov 30 19:00:00 EST 2006 until Mon Dec 31 18:59:59 EST 2029 adding as trusted cert: Subject: CN=CFCA EV ROOT, O=China Financial Certification Authority, C=CN Issuer: CN=CFCA EV ROOT, O=China Financial Certification Authority, C=CN Algorithm: RSA; Serial number: 0x184accd6 Valid from Tue Aug 07 23:07:01 EDT 2012 until Sun Dec 30 22:07:01 EST 2029 adding as trusted cert: Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH Algorithm: RSA; Serial number: 0x4eb200670c035d4f Valid from Wed Oct 25 04:36:00 EDT 2006 until Sat Oct 25 04:36:00 EDT 2036 adding as trusted cert: Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5 Algorithm: EC; Serial number: 0x605949e0262ebb55f90a778a71f94ad86c Valid from Mon Nov 12 19:00:00 EST 2012 until Mon Jan 18 22:14:07 EST 2038 adding as trusted cert: Subject: CN=CA Disig, O=Disig a.s., L=Bratislava, C=SK Issuer: CN=CA Disig, O=Disig a.s., L=Bratislava, C=SK Algorithm: RSA; Serial number: 0x1 Valid from Tue Mar 21 20:39:34 EST 2006 until Mon Mar 21 21:39:34 EDT 2016 adding as trusted cert: Subject: CN=S-TRUST Authentication and Encryption Root CA 2005:PN, O=Deutscher Sparkassen Verlag GmbH, L=Stuttgart, ST=Baden-Wuerttemberg (BW), C=DE Issuer: CN=S-TRUST Authentication and Encryption Root CA 2005:PN, O=Deutscher Sparkassen Verlag GmbH, L=Stuttgart, ST=Baden-Wuerttemberg (BW), C=DE Algorithm: RSA; Serial number: 0x371918e653547c1ab5b8cb595adb35b7 Valid from Tue Jun 21 20:00:00 EDT 2005 until Fri Jun 21 19:59:59 EDT 2030 adding as trusted cert: Subject: CN=CA WoSign ECC Root, O=WoSign CA Limited, C=CN Issuer: CN=CA WoSign ECC Root, O=WoSign CA Limited, C=CN Algorithm: EC; Serial number: 0x684a5870806bf08f02faf6dee8b09090 Valid from Fri Nov 07 19:58:58 EST 2014 until Mon Nov 07 19:58:58 EST 2044 adding as trusted cert: Subject: CN=Hellenic Academic and Research Institutions RootCA 2011, O=Hellenic Academic and Research Institutions Cert. Authority, C=GR Issuer: CN=Hellenic Academic and Research Institutions RootCA 2011, O=Hellenic Academic and Research Institutions Cert. Authority, C=GR Algorithm: RSA; Serial number: 0x0 Valid from Tue Dec 06 08:49:52 EST 2011 until Mon Dec 01 08:49:52 EST 2031 adding as trusted cert: Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a Valid from Thu Sep 30 20:00:00 EDT 1999 until Wed Jul 16 19:59:59 EDT 2036 adding as trusted cert: Subject: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US Issuer: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US Algorithm: RSA; Serial number: 0x0 Valid from Mon Aug 31 20:00:00 EDT 2009 until Thu Dec 31 18:59:59 EST 2037 adding as trusted cert: Subject: CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US Issuer: CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US Algorithm: RSA; Serial number: 0xa0142800000014523cf467c00000002 Valid from Thu Jan 16 12:53:32 EST 2014 until Mon Jan 16 12:53:32 EST 2034 adding as trusted cert: Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net Algorithm: RSA; Serial number: 0x3863def8 Valid from Fri Dec 24 12:50:51 EST 1999 until Tue Jul 24 10:15:12 EDT 2029 adding as trusted cert: Subject: CN=Staat der Nederlanden Root CA - G3, O=Staat der Nederlanden, C=NL Issuer: CN=Staat der Nederlanden Root CA - G3, O=Staat der Nederlanden, C=NL Algorithm: RSA; Serial number: 0x98a239 Valid from Thu Nov 14 06:28:42 EST 2013 until Mon Nov 13 18:00:00 EST 2028 adding as trusted cert: Subject: CN=TeliaSonera Root CA v1, O=TeliaSonera Issuer: CN=TeliaSonera Root CA v1, O=TeliaSonera Algorithm: RSA; Serial number: 0x95be16a0f72e46f17b398272fa8bcd96 Valid from Thu Oct 18 08:00:50 EDT 2007 until Mon Oct 18 08:00:50 EDT 2032 adding as trusted cert: Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Algorithm: RSA; Serial number: 0x344ed55720d5edec49f42fce37db2b6d Valid from Thu Nov 16 19:00:00 EST 2006 until Wed Jul 16 19:59:59 EDT 2036 adding as trusted cert: Subject: CN=MY_SERVER_HOSTNAME, OU=PositiveSSL, OU=Domain Control Validated Issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: RSA; Serial number: 0x619e7f18c2c665d07f0a7ca2cd0f3e02 Valid from Fri Jun 10 20:00:00 EDT 2016 until Tue Jun 11 19:59:59 EDT 2019 adding as trusted cert: Subject: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US Issuer: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US Algorithm: RSA; Serial number: 0x0 Valid from Mon Aug 31 20:00:00 EDT 2009 until Thu Dec 31 18:59:59 EST 2037 adding as trusted cert: Subject: CN=Visa eCommerce Root, OU=Visa International Service Association, O=VISA, C=US Issuer: CN=Visa eCommerce Root, OU=Visa International Service Association, O=VISA, C=US Algorithm: RSA; Serial number: 0x1386354d1d3f06f2c1f96505d5901c62 Valid from Tue Jun 25 22:18:36 EDT 2002 until Thu Jun 23 20:16:12 EDT 2022 adding as trusted cert: Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4 Valid from Thu Sep 30 20:00:00 EDT 1999 until Wed Jul 16 19:59:59 EDT 2036 adding as trusted cert: Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: EC; Serial number: 0x2f80fe238c0e220f486712289187acb3 Valid from Sun Nov 04 19:00:00 EST 2007 until Mon Jan 18 18:59:59 EST 2038 adding as trusted cert: Subject: CN=Staat der Nederlanden EV Root CA, O=Staat der Nederlanden, C=NL Issuer: CN=Staat der Nederlanden EV Root CA, O=Staat der Nederlanden, C=NL Algorithm: RSA; Serial number: 0x98968d Valid from Wed Dec 08 06:19:29 EST 2010 until Thu Dec 08 06:10:28 EST 2022 adding as trusted cert: Subject: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US Issuer: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US Algorithm: RSA; Serial number: 0x456b5054 Valid from Mon Nov 27 15:23:42 EST 2006 until Fri Nov 27 15:53:42 EST 2026 adding as trusted cert: Subject: CN=Root CA Generalitat Valenciana, OU=PKIGVA, O=Generalitat Valenciana, C=ES Issuer: CN=Root CA Generalitat Valenciana, OU=PKIGVA, O=Generalitat Valenciana, C=ES Algorithm: RSA; Serial number: 0x3b45e568 Valid from Fri Jul 06 12:22:47 EDT 2001 until Thu Jul 01 11:22:47 EDT 2021 adding as trusted cert: Subject: CN=Certification Authority of WoSign G2, O=WoSign CA Limited, C=CN Issuer: CN=Certification Authority of WoSign G2, O=WoSign CA Limited, C=CN Algorithm: RSA; Serial number: 0x6b25da8a889d7cbc0f05b3b17a614544 Valid from Fri Nov 07 19:58:58 EST 2014 until Mon Nov 07 19:58:58 EST 2044 adding as trusted cert: Subject: CN=S-TRUST Universal Root CA, OU=S-TRUST Certification Services, O=Deutscher Sparkassen Verlag GmbH, C=DE Issuer: CN=S-TRUST Universal Root CA, OU=S-TRUST Certification Services, O=Deutscher Sparkassen Verlag GmbH, C=DE Algorithm: RSA; Serial number: 0x6056c54b23405b64d4ed25dad9d61e1e Valid from Mon Oct 21 20:00:00 EDT 2013 until Thu Oct 21 19:59:59 EDT 2038 adding as trusted cert: Subject: CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0xb931c3ad63967ea6723bfc3af9af44b Valid from Thu Aug 01 08:00:00 EDT 2013 until Fri Jan 15 07:00:00 EST 2038 adding as trusted cert: Subject: CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL Issuer: CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL Algorithm: RSA; Serial number: 0x2d Valid from Sun Sep 17 15:46:37 EDT 2006 until Wed Sep 17 15:46:36 EDT 2036 adding as trusted cert: Subject: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL Issuer: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL Algorithm: RSA; Serial number: 0x10020 Valid from Tue Jun 11 06:46:39 EDT 2002 until Fri Jun 11 06:46:39 EDT 2027 adding as trusted cert: Subject: CN=CA Disig Root R2, O=Disig a.s., L=Bratislava, C=SK Issuer: CN=CA Disig Root R2, O=Disig a.s., L=Bratislava, C=SK Algorithm: RSA; Serial number: 0x92b888dbb08ac163 Valid from Thu Jul 19 05:15:30 EDT 2012 until Sat Jul 19 05:15:30 EDT 2042 adding as trusted cert: Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Issuer: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Algorithm: RSA; Serial number: 0x1 Valid from Tue May 30 06:44:50 EDT 2000 until Sat May 30 06:44:50 EDT 2020 adding as trusted cert: Subject: CN=DST Root CA X3, O=Digital Signature Trust Co. Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co. Algorithm: RSA; Serial number: 0x44afb080d6a327ba893039862ef8406b Valid from Sat Sep 30 17:12:19 EDT 2000 until Thu Sep 30 10:01:15 EDT 2021 adding as trusted cert: Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x70bae41d10d92934b638ca7b03ccbabf Valid from Sun Jan 28 19:00:00 EST 1996 until Tue Aug 01 19:59:59 EDT 2028 adding as trusted cert: Subject: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO Issuer: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO Algorithm: RSA; Serial number: 0x2 Valid from Tue Oct 26 04:38:03 EDT 2010 until Fri Oct 26 04:38:03 EDT 2040 adding as trusted cert: Subject: CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE Issuer: CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE Algorithm: RSA; Serial number: 0x983f4 Valid from Thu Nov 05 03:50:46 EST 2009 until Mon Nov 05 03:50:46 EST 2029 adding as trusted cert: Subject: CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: EC; Serial number: 0xba15afa1ddfa0b54944afcd24a06cec Valid from Thu Aug 01 08:00:00 EDT 2013 until Fri Jan 15 07:00:00 EST 2038 adding as trusted cert: Subject: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH Issuer: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH Algorithm: RSA; Serial number: 0xbb401c43f55e4fb0 Valid from Wed Oct 25 04:30:35 EDT 2006 until Sat Oct 25 04:30:35 EDT 2036 adding as trusted cert: Subject: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Issuer: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Algorithm: EC; Serial number: 0x5c8b99c55a94c5d27156decd8980cc26 Valid from Sun Jan 31 19:00:00 EST 2010 until Mon Jan 18 18:59:59 EST 2038 adding as trusted cert: Subject: OU=certSIGN ROOT CA, O=certSIGN, C=RO Issuer: OU=certSIGN ROOT CA, O=certSIGN, C=RO Algorithm: RSA; Serial number: 0x200605167002 Valid from Tue Jul 04 13:20:04 EDT 2006 until Fri Jul 04 13:20:04 EDT 2031 adding as trusted cert: Subject: CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US Issuer: CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US Algorithm: RSA; Serial number: 0xa0142800000014523c844b500000002 Valid from Thu Jan 16 13:12:23 EST 2014 until Mon Jan 16 13:12:23 EST 2034 adding as trusted cert: Subject: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x509 Valid from Fri Nov 24 13:27:00 EST 2006 until Mon Nov 24 13:23:33 EST 2031 adding as trusted cert: Subject: CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE Issuer: CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE Algorithm: RSA; Serial number: 0x983f3 Valid from Thu Nov 05 03:35:58 EST 2009 until Mon Nov 05 03:35:58 EST 2029 adding as trusted cert: Subject: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE Issuer: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE Algorithm: RSA; Serial number: 0x26 Valid from Fri Jul 09 08:11:00 EDT 1999 until Tue Jul 09 19:59:00 EDT 2019 adding as trusted cert: Subject: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x78585f2ead2c194be3370735341328b596d46593 Valid from Thu Jan 12 12:27:44 EST 2012 until Sun Jan 12 12:27:44 EST 2042 adding as trusted cert: Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x3f691e819cf09a4af373ffb948a2e4dd Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028 adding as trusted cert: Subject: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Algorithm: RSA; Serial number: 0x1fd6d30fca3ca51a81bbc640e35032d Valid from Sun Jan 31 19:00:00 EST 2010 until Mon Jan 18 18:59:59 EST 2038 adding as trusted cert: Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf Valid from Sun May 17 20:00:00 EDT 1998 until Tue Aug 01 19:59:59 EDT 2028 adding as trusted cert: Subject: CN=Izenpe.com, O=IZENPE S.A., C=ES Issuer: CN=Izenpe.com, O=IZENPE S.A., C=ES Algorithm: RSA; Serial number: 0xb0b75a16485fbfe1cbf58bd719e67d Valid from Thu Dec 13 08:08:28 EST 2007 until Sun Dec 13 03:27:25 EST 2037 adding as trusted cert: Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 Algorithm: RSA; Serial number: 0x400000000010f8626e60d Valid from Fri Dec 15 03:00:00 EST 2006 until Wed Dec 15 03:00:00 EST 2021 adding as trusted cert: Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x18dad19e267de8bb4a2158cdcc6b3b4a Valid from Tue Nov 07 19:00:00 EST 2006 until Wed Jul 16 19:59:59 EDT 2036 adding as trusted cert: Subject: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x5c6 Valid from Fri Nov 24 14:11:23 EST 2006 until Mon Nov 24 14:06:44 EST 2031 adding as trusted cert: Subject: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US Issuer: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US Algorithm: RSA; Serial number: 0x0 Valid from Mon Aug 31 20:00:00 EDT 2009 until Thu Dec 31 18:59:59 EST 2037 adding as trusted cert: Subject: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş., L=Ankara, C=TR Issuer: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş., L=Ankara, C=TR Algorithm: RSA; Serial number: 0x7da1f265ec8a Valid from Wed Dec 18 04:04:10 EST 2013 until Sat Dec 16 04:04:10 EST 2023 adding as trusted cert: Subject: CN=OISTE WISeKey Global Root GB CA, OU=OISTE Foundation Endorsed, O=WISeKey, C=CH Issuer: CN=OISTE WISeKey Global Root GB CA, OU=OISTE Foundation Endorsed, O=WISeKey, C=CH Algorithm: RSA; Serial number: 0x76b1205274f0858746b3f8231af6c2c0 Valid from Mon Dec 01 10:00:32 EST 2014 until Thu Dec 01 10:10:31 EST 2039 adding as trusted cert: Subject: CN=WellsSecure Public Root Certificate Authority, OU=Wells Fargo Bank NA, O=Wells Fargo WellsSecure, C=US Issuer: CN=WellsSecure Public Root Certificate Authority, OU=Wells Fargo Bank NA, O=Wells Fargo WellsSecure, C=US Algorithm: RSA; Serial number: 0x1 Valid from Thu Dec 13 12:07:54 EST 2007 until Tue Dec 13 19:07:54 EST 2022 adding as trusted cert: Subject: CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch Issuer: CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch Algorithm: RSA; Serial number: 0x1e9e28e848f2e5efc37c4a1e5a1867b6 Valid from Fri Jun 24 04:38:14 EDT 2011 until Wed Jun 25 03:38:14 EDT 2031 adding as trusted cert: Subject: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x2ef59b0228a7db7affd5a3a9eebd03a0cf126a1d Valid from Thu Jan 12 15:26:32 EST 2012 until Sun Jan 12 15:26:32 EST 2042 adding as trusted cert: Subject: EMAILADDRESS=info@e-szigno.hu, CN=Microsec e-Szigno Root CA 2009, O=Microsec Ltd., L=Budapest, C=HU Issuer: EMAILADDRESS=info@e-szigno.hu, CN=Microsec e-Szigno Root CA 2009, O=Microsec Ltd., L=Budapest, C=HU Algorithm: RSA; Serial number: 0xc27e43044e473f19 Valid from Tue Jun 16 07:30:18 EDT 2009 until Sun Dec 30 06:30:18 EST 2029 adding as trusted cert: Subject: CN=StartCom Certification Authority G2, O=StartCom Ltd., C=IL Issuer: CN=StartCom Certification Authority G2, O=StartCom Ltd., C=IL Algorithm: RSA; Serial number: 0x3b Valid from Thu Dec 31 20:00:01 EST 2009 until Sat Dec 31 18:59:01 EST 2039 adding as trusted cert: Subject: CN=NetLock Arany (Class Gold) Főtanúsítvány, OU=Tanúsítványkiadók (Certification Services), O=NetLock Kft., L=Budapest, C=HU Issuer: CN=NetLock Arany (Class Gold) Főtanúsítvány, OU=Tanúsítványkiadók (Certification Services), O=NetLock Kft., L=Budapest, C=HU Algorithm: RSA; Serial number: 0x49412ce40010 Valid from Thu Dec 11 10:08:21 EST 2008 until Wed Dec 06 10:08:21 EST 2028 adding as trusted cert: Subject: CN=TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3, OU=Kamu Sertifikasyon Merkezi, OU=Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü - UEKAE, O=Türkiye Bilimsel ve Teknolojik Araştırma Kurumu - TÜBİTAK, L=Gebze - Kocaeli, C=TR Issuer: CN=TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3, OU=Kamu Sertifikasyon Merkezi, OU=Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü - UEKAE, O=Türkiye Bilimsel ve Teknolojik Araştırma Kurumu - TÜBİTAK, L=Gebze - Kocaeli, C=TR Algorithm: RSA; Serial number: 0x11 Valid from Fri Aug 24 07:37:07 EDT 2007 until Mon Aug 21 07:37:07 EDT 2017 adding as trusted cert: Subject: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT Issuer: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT Algorithm: RSA; Serial number: 0x570a119742c4e3cc Valid from Thu Sep 22 07:22:02 EDT 2011 until Sun Sep 22 07:22:02 EDT 2030 adding as trusted cert: Subject: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068, C=ES Issuer: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068, C=ES Algorithm: RSA; Serial number: 0x53ec3beefbb2485f Valid from Wed May 20 04:38:15 EDT 2009 until Tue Dec 31 03:38:15 EST 2030 adding as trusted cert: Subject: CN=Certigna, O=Dhimyotis, C=FR Issuer: CN=Certigna, O=Dhimyotis, C=FR Algorithm: RSA; Serial number: 0xfedce3010fc948ff Valid from Fri Jun 29 11:13:05 EDT 2007 until Tue Jun 29 11:13:05 EDT 2027 adding as trusted cert: Subject: CN=AddTrust Public CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Issuer: CN=AddTrust Public CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Algorithm: RSA; Serial number: 0x1 Valid from Tue May 30 06:41:50 EDT 2000 until Sat May 30 06:41:50 EDT 2020 adding as trusted cert: Subject: CN=E-Tugra Certification Authority, OU=E-Tugra Sertifikasyon Merkezi, O=E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., L=Ankara, C=TR Issuer: CN=E-Tugra Certification Authority, OU=E-Tugra Sertifikasyon Merkezi, O=E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., L=Ankara, C=TR Algorithm: RSA; Serial number: 0x6a683e9c519bcb53 Valid from Tue Mar 05 07:09:48 EST 2013 until Fri Mar 03 07:09:48 EST 2023 adding as trusted cert: Subject: C=ES, O=ACCV, OU=PKIACCV, CN=ACCVRAIZ1 Issuer: C=ES, O=ACCV, OU=PKIACCV, CN=ACCVRAIZ1 Algorithm: RSA; Serial number: 0x5ec3b7a6437fa4e0 Valid from Thu May 05 05:37:37 EDT 2011 until Tue Dec 31 04:37:37 EST 2030 adding as trusted cert: Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028 adding as trusted cert: Subject: CN=TC TrustCenter Class 3 CA II, OU=TC TrustCenter Class 3 CA, O=TC TrustCenter GmbH, C=DE Issuer: CN=TC TrustCenter Class 3 CA II, OU=TC TrustCenter Class 3 CA, O=TC TrustCenter GmbH, C=DE Algorithm: RSA; Serial number: 0x4a4700010002e5a05dd63f0051bf Valid from Thu Jan 12 09:41:57 EST 2006 until Wed Dec 31 17:59:59 EST 2025 adding as trusted cert: Subject: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x3ab6508b Valid from Mon Mar 19 13:33:33 EST 2001 until Wed Mar 17 14:33:33 EDT 2021 adding as trusted cert: Subject: CN=Buypass Class 2 CA 1, O=Buypass AS-983163327, C=NO Issuer: CN=Buypass Class 2 CA 1, O=Buypass AS-983163327, C=NO Algorithm: RSA; Serial number: 0x1 Valid from Fri Oct 13 06:25:09 EDT 2006 until Thu Oct 13 06:25:09 EDT 2016 adding as trusted cert: Subject: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO Issuer: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO Algorithm: RSA; Serial number: 0x2 Valid from Tue Oct 26 04:28:58 EDT 2010 until Fri Oct 26 04:28:58 EDT 2040 adding as trusted cert: Subject: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP Issuer: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP Algorithm: RSA; Serial number: 0x0 Valid from Tue Jun 05 22:12:32 EDT 2007 until Fri Jun 05 22:12:32 EDT 2037 adding as trusted cert: Subject: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US Issuer: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US Algorithm: EC; Serial number: 0x35fc265cd9844fc93d263d579baed756 Valid from Sun Nov 04 19:00:00 EST 2007 until Mon Jan 18 18:59:59 EST 2038 adding as trusted cert: Subject: CN=Swisscom Root EV CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch Issuer: CN=Swisscom Root EV CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch Algorithm: RSA; Serial number: 0xf2fa64e27463d38dfd101d041f76ca58 Valid from Fri Jun 24 05:45:08 EDT 2011 until Wed Jun 25 04:45:08 EDT 2031 adding as trusted cert: Subject: CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, ST=Hungary, C=HU Issuer: CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, ST=Hungary, C=HU Algorithm: RSA; Serial number: 0x103 Valid from Wed Feb 24 18:14:47 EST 1999 until Tue Feb 19 18:14:47 EST 2019 adding as trusted cert: Subject: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x401ac46421b31321030ebbe4121ac51d Valid from Tue Apr 01 20:00:00 EDT 2008 until Tue Dec 01 18:59:59 EST 2037 adding as trusted cert: Subject: CN=China Internet Network Information Center EV Certificates Root, O=China Internet Network Information Center, C=CN Issuer: CN=China Internet Network Information Center EV Certificates Root, O=China Internet Network Information Center, C=CN Algorithm: RSA; Serial number: 0x489f0001 Valid from Tue Aug 31 03:11:25 EDT 2010 until Sat Aug 31 03:11:25 EDT 2030 adding as trusted cert: Subject: CN=Cybertrust Global Root, O="Cybertrust, Inc" Issuer: CN=Cybertrust Global Root, O="Cybertrust, Inc" Algorithm: RSA; Serial number: 0x400000000010f85aa2d48 Valid from Fri Dec 15 03:00:00 EST 2006 until Wed Dec 15 03:00:00 EST 2021 adding as trusted cert: Subject: OU=ApplicationCA, O=Japanese Government, C=JP Issuer: OU=ApplicationCA, O=Japanese Government, C=JP Algorithm: RSA; Serial number: 0x31 Valid from Wed Dec 12 10:00:00 EST 2007 until Tue Dec 12 10:00:00 EST 2017 adding as trusted cert: Subject: CN=Trusted Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=Trusted Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: RSA; Serial number: 0x1 Valid from Wed Dec 31 19:00:00 EST 2003 until Sun Dec 31 18:59:59 EST 2028 adding as trusted cert: Subject: CN=Global Chambersign Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU Issuer: CN=Global Chambersign Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU Algorithm: RSA; Serial number: 0x0 Valid from Tue Sep 30 12:14:18 EDT 2003 until Wed Sep 30 12:14:18 EDT 2037 adding as trusted cert: Subject: OU=Trustis FPS Root CA, O=Trustis Limited, C=GB Issuer: OU=Trustis FPS Root CA, O=Trustis Limited, C=GB Algorithm: RSA; Serial number: 0x1b1fadb620f924d3366bf7c7f18ca059 Valid from Tue Dec 23 07:14:06 EST 2003 until Sun Jan 21 06:36:54 EST 2024 adding as trusted cert: Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Algorithm: RSA; Serial number: 0x1 Valid from Tue May 30 06:38:31 EDT 2000 until Sat May 30 06:38:31 EDT 2020 adding as trusted cert: Subject: CN=NetLock Uzleti (Class B) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU Issuer: CN=NetLock Uzleti (Class B) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU Algorithm: RSA; Serial number: 0x69 Valid from Thu Feb 25 09:10:22 EST 1999 until Wed Feb 20 09:10:22 EST 2019 adding as trusted cert: Subject: CN=COMODO Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=COMODO Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: RSA; Serial number: 0x4e812d8a8265e00b02ee3e350246e53d Valid from Thu Nov 30 19:00:00 EST 2006 until Mon Dec 31 18:59:59 EST 2029 adding as trusted cert: Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4 Algorithm: EC; Serial number: 0x2a38a41c960a04de42b228a50be8349802 Valid from Mon Nov 12 19:00:00 EST 2012 until Mon Jan 18 22:14:07 EST 2038 adding as trusted cert: Subject: CN=AC Raíz Certicámara S.A., O=Sociedad Cameral de Certificación Digital - Certicámara S.A., C=CO Issuer: CN=AC Raíz Certicámara S.A., O=Sociedad Cameral de Certificación Digital - Certicámara S.A., C=CO Algorithm: RSA; Serial number: 0x77e52937be015e357f0698ccbec0c Valid from Mon Nov 27 15:46:29 EST 2006 until Tue Apr 02 17:42:02 EDT 2030 adding as trusted cert: Subject: EMAILADDRESS=pki@sk.ee, CN=EE Certification Centre Root CA, O=AS Sertifitseerimiskeskus, C=EE Issuer: EMAILADDRESS=pki@sk.ee, CN=EE Certification Centre Root CA, O=AS Sertifitseerimiskeskus, C=EE Algorithm: RSA; Serial number: 0x5480f9a073ed3f004cca89d8e371e64a Valid from Sat Oct 30 06:10:30 EDT 2010 until Tue Dec 17 18:59:59 EST 2030 adding as trusted cert: Subject: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Issuer: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Algorithm: RSA; Serial number: 0xc9cdd3e9d57d23ce Valid from Fri Aug 01 08:31:40 EDT 2008 until Sat Jul 31 08:31:40 EDT 2038 adding as trusted cert: Subject: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: RSA; Serial number: 0x4caaf9cadb636fe01ff74ed85b03869d Valid from Mon Jan 18 19:00:00 EST 2010 until Mon Jan 18 18:59:59 EST 2038 adding as trusted cert: Subject: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Issuer: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Algorithm: RSA; Serial number: 0x600197b746a7eab4b49ad64b2ff790fb Valid from Tue Apr 01 20:00:00 EDT 2008 until Tue Dec 01 18:59:59 EST 2037 adding as trusted cert: Subject: OU=RSA Security 2048 V3, O=RSA Security Inc Issuer: OU=RSA Security 2048 V3, O=RSA Security Inc Algorithm: RSA; Serial number: 0xa0101010000027c0000000a00000002 Valid from Thu Feb 22 15:39:23 EST 2001 until Sun Feb 22 15:39:23 EST 2026 adding as trusted cert: Subject: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US Issuer: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US Algorithm: EC; Serial number: 0x7497258ac73f7a54 Valid from Fri Jan 29 09:20:24 EST 2010 until Mon Dec 31 09:20:24 EST 2040 adding as trusted cert: Subject: CN=Staat der Nederlanden Root CA - G2, O=Staat der Nederlanden, C=NL Issuer: CN=Staat der Nederlanden Root CA - G2, O=Staat der Nederlanden, C=NL Algorithm: RSA; Serial number: 0x98968c Valid from Wed Mar 26 07:18:17 EDT 2008 until Wed Mar 25 07:03:10 EDT 2020 adding as trusted cert: Subject: CN=Sonera Class1 CA, O=Sonera, C=FI Issuer: CN=Sonera Class1 CA, O=Sonera, C=FI Algorithm: RSA; Serial number: 0x24 Valid from Fri Apr 06 06:49:13 EDT 2001 until Tue Apr 06 06:49:13 EDT 2021 adding as trusted cert: Subject: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Issuer: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Algorithm: RSA; Serial number: 0x1 Valid from Wed Oct 01 06:40:14 EDT 2008 until Sat Oct 01 19:59:59 EDT 2033 adding as trusted cert: Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192 Valid from Sun May 17 20:00:00 EDT 1998 until Tue Aug 01 19:59:59 EDT 2028 adding as trusted cert: Subject: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0x33af1e6a711a9a0bb2864b11d09fae5 Valid from Thu Aug 01 08:00:00 EDT 2013 until Fri Jan 15 07:00:00 EST 2038 adding as trusted cert: Subject: C=ES, O=EDICOM, OU=PKI, CN=ACEDICOM Root Issuer: C=ES, O=EDICOM, OU=PKI, CN=ACEDICOM Root Algorithm: RSA; Serial number: 0x618dc7863b018205 Valid from Fri Apr 18 12:24:22 EDT 2008 until Thu Apr 13 12:24:22 EDT 2028 trigger seeding of SecureRandom done seeding SecureRandom Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Thread-1, setSoTimeout(0) called Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false Thread-1, setSoTimeout(0) called Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1 %% No cached client session *** ClientHello, TLSv1.2 RandomCookie: GMT: 1452059385 bytes = { 242, 33, 121, 188, 202, 17, 225, 34, 20, 144, 77, 22, 38, 189, 160, 86, 42, 74, 43, 96, 26, 200, 143, 7, 245, 104, 245, 78 } Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] Compression Methods: { 0 } Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA *** [write] MD5 and SHA1 hashes: len = 193 0000: 01 00 00 BD 03 03 57 8D AB F9 F2 21 79 BC CA 11 ......W....!y... 0010: E1 22 14 90 4D 16 26 BD A0 56 2A 4A 2B 60 1A C8 ."..M.&..V*J+`.. 0020: 8F 07 F5 68 F5 4E 00 00 3A C0 23 C0 27 00 3C C0 ...h.N..:.#.'.<. 0030: 25 C0 29 00 67 00 40 C0 09 C0 13 00 2F C0 04 C0 %.).g.@...../... 0040: 0E 00 33 00 32 C0 2B C0 2F 00 9C C0 2D C0 31 00 ..3.2.+./...-.1. 0050: 9E 00 A2 C0 08 C0 12 00 0A C0 03 C0 0D 00 16 00 ................ 0060: 13 00 FF 01 00 00 5A 00 0A 00 34 00 32 00 17 00 ......Z...4.2... 0070: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 ................ 0080: 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00 ................ 0090: 11 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00 ................ 00A0: 0B 00 02 01 00 00 0D 00 18 00 16 06 03 06 01 05 ................ 00B0: 03 05 01 04 03 04 01 03 03 03 01 02 03 02 01 02 ................ 00C0: 02 . Thread-1, WRITE: TLSv1.2 Handshake, length = 193 [Raw write]: length = 198 0000: 16 03 03 00 C1 01 00 00 BD 03 03 57 8D AB F9 F2 ...........W.... 0010: 21 79 BC CA 11 E1 22 14 90 4D 16 26 BD A0 56 2A !y...."..M.&..V* 0020: 4A 2B 60 1A C8 8F 07 F5 68 F5 4E 00 00 3A C0 23 J+`.....h.N..:.# 0030: C0 27 00 3C C0 25 C0 29 00 67 00 40 C0 09 C0 13 .'.<.%.).g.@.... 0040: 00 2F C0 04 C0 0E 00 33 00 32 C0 2B C0 2F 00 9C ./.....3.2.+./.. 0050: C0 2D C0 31 00 9E 00 A2 C0 08 C0 12 00 0A C0 03 .-.1............ 0060: C0 0D 00 16 00 13 00 FF 01 00 00 5A 00 0A 00 34 ...........Z...4 0070: 00 32 00 17 00 01 00 03 00 13 00 15 00 06 00 07 .2.............. 0080: 00 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E ................ 0090: 00 0F 00 10 00 11 00 02 00 12 00 04 00 05 00 14 ................ 00A0: 00 08 00 16 00 0B 00 02 01 00 00 0D 00 18 00 16 ................ 00B0: 06 03 06 01 05 03 05 01 04 03 04 01 03 03 03 01 ................ 00C0: 02 03 02 01 02 02 ...... [Raw read]: length = 5 0000: 48 54 54 50 2F HTTP/ Thread-1, handling exception: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? Thread-1, SEND TLSv1.2 ALERT: fatal, description = unexpected_message Thread-1, WRITE: TLSv1.2 Alert, length = 2 [Raw write]: length = 7 0000: 15 03 03 00 02 02 0A ....... Thread-1, called closeSocket() Thread-1, called close() Thread-1, called closeInternal(true) Thread-1, called close() Thread-1, called closeInternal(true) Thread-1, called close() Thread-1, called closeInternal(true) 2016-07-19 00:26:33,500 ERROR [org.xdi.oxauth.client.OpenIdConfigurationClient] Unrecognized SSL message, plaintext connection? javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:710) at sun.security.ssl.InputRecord.read(InputRecord.java:527) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747) at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123) at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:159) at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:166) at org.apache.http.impl.AbstractHttpClientConnection.doFlush(AbstractHttpClientConnection.java:272) at org.apache.http.impl.AbstractHttpClientConnection.flush(AbstractHttpClientConnection.java:277) at org.apache.http.impl.conn.ManagedClientConnectionImpl.flush(ManagedClientConnectionImpl.java:175) at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:239) at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:121) at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:717) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:522) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) at org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:109) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:39) at org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPInterceptor.execute(AcceptEncodingGZIPInterceptor.java:40) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45) at org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:443) at org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:677) at org.jboss.resteasy.client.ClientRequest.get(ClientRequest.java:479) at org.jboss.resteasy.client.ClientRequest.get(ClientRequest.java:508) at org.xdi.oxauth.client.OpenIdConfigurationClient._execOpenIdConfiguration(OpenIdConfigurationClient.java:102) at org.xdi.oxauth.client.OpenIdConfigurationClient.execOpenIdConfiguration(OpenIdConfigurationClient.java:78) at org.xdi.oxd.server.service.DiscoveryService.getConnectDiscoveryResponse(DiscoveryService.java:60) at org.xdi.oxd.server.op.ImplicitFlowOperation.execute(ImplicitFlowOperation.java:42) at org.xdi.oxd.server.Processor.process(Processor.java:90) at org.xdi.oxd.server.Processor.process(Processor.java:49) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:61) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) 2016-07-19 00:26:33,503 ERROR [org.xdi.oxd.server.service.DiscoveryService] java.lang.NullPointerException at org.xdi.oxd.server.service.DiscoveryService.getConnectDiscoveryResponse(DiscoveryService.java:61) at org.xdi.oxd.server.op.ImplicitFlowOperation.execute(ImplicitFlowOperation.java:42) at org.xdi.oxd.server.Processor.process(Processor.java:90) at org.xdi.oxd.server.Processor.process(Processor.java:49) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:61) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) 2016-07-19 00:26:33,504 ERROR [org.xdi.oxd.server.service.DiscoveryService] Unable to fetch discovery information for url: https://MY_SERVER_HOSTNAME/.well-known/openid-configuration 2016-07-19 00:26:33,561 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"error","data":{"error":"internal_error","error_description":"Internal server error occurs."}} 2016-07-19 00:26:33,562 ERROR [org.xdi.oxd.server.SocketProcessor] Quit. Enable to process command. ```

By Yuriy Zabrovarnyy staff 20 Jul 2016 at 10:11 a.m. CDT

Copy
Yuriy Zabrovarnyy gravatar
From logs it is clear that you are calling plain connection (http) instead of https. ``` Unrecognized SSL message, plaintext connection? ``` Would you please make sure ssl is correctly configured at your Gluu Server installation? Does it work with trust_all option? Logs with separate trust store file are welcome too. Thanks, Yuriy Z

By Yuriy Zabrovarnyy staff 20 Jul 2016 at 10:12 a.m. CDT

Copy
Yuriy Zabrovarnyy gravatar
Please attach full oxd-server.log. It is both convenient to see all request and also compact and doesn't take huge space on support site. Thanks in advance, Yuriy Z

By Steve Sobol user 20 Jul 2016 at 10:33 a.m. CDT

Copy
Steve Sobol gravatar
Here it is. Please note that it was last modified six days ago. I downloaded the build you asked me to download, and have been using it for testing and I just redirected stdout and stderr to a file. I have not been logging to oxd-server.log. ``` 2016-07-14 01:20:42,159 INFO [org.xdi.oxd.server.ServerLauncher] Starting... 2016-07-14 01:20:42,658 TRACE [org.xdi.oxd.server.service.ConfigurationService] Try to load configuration from system property: oxd.server.config, value: /opt/oxd-server/conf/oxd-conf.json 2016-07-14 01:20:42,933 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration loaded successfully from system property: oxd.server.config. 2016-07-14 01:20:42,933 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration: Configuration{port=8099, timeOutInSeconds=0, opHost=https://sso.lobosstudios.com, localhostOnly=true, licenseServerEndpoint=, licenseId=} 2016-07-14 01:20:42,971 INFO [org.xdi.oxd.server.service.ConfigurationService] Configuration directory: /opt/oxd-server/conf 2016-07-14 01:20:42,975 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: oxd-default-site-config.json 2016-07-14 01:20:43,059 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-14 01:20:43,060 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-14 01:20:43,060 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: /.oxd-license 2016-07-14 01:20:43,060 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:58) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-14 01:20:43,084 INFO [org.xdi.oxd.server.service.SocketService] Server socket is bound to port: 8099, with timeout: 0 seconds. Start listening for notifications. 2016-07-14 01:22:57,119 DEBUG [org.xdi.oxd.server.service.SocketService] Start new SocketProcessor... 2016-07-14 01:22:57,123 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-14 01:22:57,124 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-14 01:22:57,124 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: /.oxd-license 2016-07-14 01:22:57,125 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.license.LicenseService$$FastClassByGuice$$bd74ee5e.newInstance(<generated>) at com.google.inject.internal.cglib.reflect.$FastConstructor.newInstance(FastConstructor.java:40) at com.google.inject.internal.DefaultConstructionProxyFactory$1.newInstance(DefaultConstructionProxyFactory.java:60) at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:85) at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254) at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1031) at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) at com.google.inject.Scopes$1$1.get(Scopes.java:65) at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40) at com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:978) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1024) at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:974) at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1013) at org.xdi.oxd.server.SocketProcessor.<init>(SocketProcessor.java:37) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:85) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-14 01:22:57,135 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2016-07-14 01:22:57,135 TRACE [org.xdi.oxd.common.CoreUtils] commandSize: -1, stringStorage: 2016-07-14 01:22:57,784 TRACE [org.xdi.oxd.common.CoreUtils] Parsed sizeString: 0364, commandSize: 364 2016-07-14 01:22:57,785 TRACE [org.xdi.oxd.common.CoreUtils] Read result: ReadResult{m_command='{"command":"implicit_flow","params":{"scope":"openid","nonce":"04617fcf-9534-48fd-8a26-c4b141f1e4bc","discovery_url":"https://sso.lobosstudios.com/.well-known/openid-configuration","redirect_url":"https://360.lobosstudios.com/callback","client_id":"@!2920.FAD2.FB38.9BC5!0001!9227.0E3D!0008!9EC6.7B6C","client_secret":"test","user_id":"test","user_secret":"test"}}', m_leftString=''} 2016-07-14 01:22:57,786 TRACE [org.xdi.oxd.server.Processor] Command: {"command":"implicit_flow","params":{"scope":"openid","nonce":"04617fcf-9534-48fd-8a26-c4b141f1e4bc","discovery_url":"https://sso.lobosstudios.com/.well-known/openid-configuration","redirect_url":"https://360.lobosstudios.com/callback","client_id":"@!2920.FAD2.FB38.9BC5!0001!9227.0E3D!0008!9EC6.7B6C","client_secret":"test","user_id":"test","user_secret":"test"}} 2016-07-14 01:22:57,870 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client. 2016-07-14 01:22:58,808 ERROR [org.xdi.oxauth.client.OpenIdConfigurationClient] peer not authenticated javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:645) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) at org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:109) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:39) at org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPInterceptor.execute(AcceptEncodingGZIPInterceptor.java:40) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45) at org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:443) at org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:677) at org.jboss.resteasy.client.ClientRequest.get(ClientRequest.java:479) at org.jboss.resteasy.client.ClientRequest.get(ClientRequest.java:508) at org.xdi.oxauth.client.OpenIdConfigurationClient._execOpenIdConfiguration(OpenIdConfigurationClient.java:102) at org.xdi.oxauth.client.OpenIdConfigurationClient.execOpenIdConfiguration(OpenIdConfigurationClient.java:78) at org.xdi.oxd.server.service.DiscoveryService.getConnectDiscoveryResponse(DiscoveryService.java:60) at org.xdi.oxd.server.op.ImplicitFlowOperation.execute(ImplicitFlowOperation.java:42) at org.xdi.oxd.server.Processor.process(Processor.java:96) at org.xdi.oxd.server.Processor.process(Processor.java:50) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:61) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) 2016-07-14 01:22:58,810 ERROR [org.xdi.oxd.server.service.DiscoveryService] java.lang.NullPointerException at org.xdi.oxd.server.service.DiscoveryService.getConnectDiscoveryResponse(DiscoveryService.java:61) at org.xdi.oxd.server.op.ImplicitFlowOperation.execute(ImplicitFlowOperation.java:42) at org.xdi.oxd.server.Processor.process(Processor.java:96) at org.xdi.oxd.server.Processor.process(Processor.java:50) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:61) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) 2016-07-14 01:22:58,811 ERROR [org.xdi.oxd.server.service.DiscoveryService] Unable to fetch discovery information for url: https://sso.lobosstudios.com/.well-known/openid-configuration 2016-07-14 01:22:58,876 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"error","data":{"error":"internal_error","error_description":"Internal server error occurs."}} 2016-07-14 01:22:58,877 ERROR [org.xdi.oxd.server.SocketProcessor] Quit. Enable to process command. 2016-07-14 12:28:36,212 INFO [org.xdi.oxd.server.ServerLauncher] Starting... 2016-07-14 12:28:36,593 TRACE [org.xdi.oxd.server.service.ConfigurationService] Try to load configuration from system property: oxd.server.config, value: /opt/oxd-server/conf/oxd-conf.json 2016-07-14 12:28:36,855 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration loaded successfully from system property: oxd.server.config. 2016-07-14 12:28:36,856 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration: Configuration{port=8099, timeOutInSeconds=0, opHost=https://sso.lobosstudios.com, localhostOnly=true, licenseServerEndpoint=, licenseId=} 2016-07-14 12:28:36,883 INFO [org.xdi.oxd.server.service.ConfigurationService] Configuration directory: /opt/oxd-server/conf 2016-07-14 12:28:36,888 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: oxd-default-site-config.json 2016-07-14 12:28:36,957 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-14 12:28:36,958 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-14 12:28:36,958 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: /.oxd-license 2016-07-14 12:28:36,959 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:58) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-14 12:28:36,975 INFO [org.xdi.oxd.server.service.SocketService] Server socket is bound to port: 8099, with timeout: 0 seconds. Start listening for notifications. 2016-07-14 12:29:48,507 DEBUG [org.xdi.oxd.server.service.SocketService] Start new SocketProcessor... 2016-07-14 12:29:48,510 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-14 12:29:48,510 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-14 12:29:48,511 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: /.oxd-license 2016-07-14 12:29:48,511 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.license.LicenseService$$FastClassByGuice$$bd74ee5e.newInstance(<generated>) at com.google.inject.internal.cglib.reflect.$FastConstructor.newInstance(FastConstructor.java:40) at com.google.inject.internal.DefaultConstructionProxyFactory$1.newInstance(DefaultConstructionProxyFactory.java:60) at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:85) at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254) at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1031) at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) at com.google.inject.Scopes$1$1.get(Scopes.java:65) at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40) at com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:978) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1024) at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:974) at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1013) at org.xdi.oxd.server.SocketProcessor.<init>(SocketProcessor.java:37) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:85) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-14 12:29:48,517 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2016-07-14 12:29:48,517 TRACE [org.xdi.oxd.common.CoreUtils] commandSize: -1, stringStorage: 2016-07-14 12:29:48,709 TRACE [org.xdi.oxd.common.CoreUtils] Parsed sizeString: 0364, commandSize: 364 2016-07-14 12:29:48,711 TRACE [org.xdi.oxd.common.CoreUtils] Read result: ReadResult{m_command='{"command":"implicit_flow","params":{"scope":"openid","nonce":"719129c9-c22e-4084-9916-d9092b36acc9","discovery_url":"https://sso.lobosstudios.com/.well-known/openid-configuration","redirect_url":"https://360.lobosstudios.com/callback","client_id":"@!2920.FAD2.FB38.9BC5!0001!9227.0E3D!0008!9EC6.7B6C","client_secret":"test","user_id":"test","user_secret":"test"}}', m_leftString=''} 2016-07-14 12:29:48,712 TRACE [org.xdi.oxd.server.Processor] Command: {"command":"implicit_flow","params":{"scope":"openid","nonce":"719129c9-c22e-4084-9916-d9092b36acc9","discovery_url":"https://sso.lobosstudios.com/.well-known/openid-configuration","redirect_url":"https://360.lobosstudios.com/callback","client_id":"@!2920.FAD2.FB38.9BC5!0001!9227.0E3D!0008!9EC6.7B6C","client_secret":"test","user_id":"test","user_secret":"test"}} 2016-07-14 12:29:48,804 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client. 2016-07-14 12:29:49,696 ERROR [org.xdi.oxauth.client.OpenIdConfigurationClient] peer not authenticated javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:645) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) at org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:109) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:39) at org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPInterceptor.execute(AcceptEncodingGZIPInterceptor.java:40) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45) at org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:443) at org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:677) at org.jboss.resteasy.client.ClientRequest.get(ClientRequest.java:479) at org.jboss.resteasy.client.ClientRequest.get(ClientRequest.java:508) at org.xdi.oxauth.client.OpenIdConfigurationClient._execOpenIdConfiguration(OpenIdConfigurationClient.java:102) at org.xdi.oxauth.client.OpenIdConfigurationClient.execOpenIdConfiguration(OpenIdConfigurationClient.java:78) at org.xdi.oxd.server.service.DiscoveryService.getConnectDiscoveryResponse(DiscoveryService.java:60) at org.xdi.oxd.server.op.ImplicitFlowOperation.execute(ImplicitFlowOperation.java:42) at org.xdi.oxd.server.Processor.process(Processor.java:96) at org.xdi.oxd.server.Processor.process(Processor.java:50) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:61) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) 2016-07-14 12:29:49,698 ERROR [org.xdi.oxd.server.service.DiscoveryService] java.lang.NullPointerException at org.xdi.oxd.server.service.DiscoveryService.getConnectDiscoveryResponse(DiscoveryService.java:61) at org.xdi.oxd.server.op.ImplicitFlowOperation.execute(ImplicitFlowOperation.java:42) at org.xdi.oxd.server.Processor.process(Processor.java:96) at org.xdi.oxd.server.Processor.process(Processor.java:50) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:61) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) 2016-07-14 12:29:49,699 ERROR [org.xdi.oxd.server.service.DiscoveryService] Unable to fetch discovery information for url: https://sso.lobosstudios.com/.well-known/openid-configuration 2016-07-14 12:29:49,771 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"error","data":{"error":"internal_error","error_description":"Internal server error occurs."}} 2016-07-14 12:29:49,774 ERROR [org.xdi.oxd.server.SocketProcessor] Quit. Enable to process command. 2016-07-14 12:32:04,065 INFO [org.xdi.oxd.server.ServerLauncher] Starting... 2016-07-14 12:32:04,570 TRACE [org.xdi.oxd.server.service.ConfigurationService] Try to load configuration from system property: oxd.server.config, value: /opt/oxd-server/conf/oxd-conf.json 2016-07-14 12:32:04,728 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration loaded successfully from system property: oxd.server.config. 2016-07-14 12:32:04,728 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration: Configuration{port=8099, timeOutInSeconds=0, opHost=https://sso.lobosstudios.com, localhostOnly=true, licenseServerEndpoint=, licenseId=} 2016-07-14 12:32:04,743 INFO [org.xdi.oxd.server.service.ConfigurationService] Configuration directory: /opt/oxd-server/conf 2016-07-14 12:32:04,746 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: oxd-default-site-config.json 2016-07-14 12:32:04,783 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-14 12:32:04,784 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-14 12:32:04,784 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: /.oxd-license 2016-07-14 12:32:04,784 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:58) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-14 12:32:04,797 INFO [org.xdi.oxd.server.service.SocketService] Server socket is bound to port: 8099, with timeout: 0 seconds. Start listening for notifications. 2016-07-14 12:32:11,394 DEBUG [org.xdi.oxd.server.service.SocketService] Start new SocketProcessor... 2016-07-14 12:32:11,399 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-14 12:32:11,399 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-14 12:32:11,400 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: /.oxd-license 2016-07-14 12:32:11,401 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.license.LicenseService$$FastClassByGuice$$bd74ee5e.newInstance(<generated>) at com.google.inject.internal.cglib.reflect.$FastConstructor.newInstance(FastConstructor.java:40) at com.google.inject.internal.DefaultConstructionProxyFactory$1.newInstance(DefaultConstructionProxyFactory.java:60) at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:85) at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254) at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1031) at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) at com.google.inject.Scopes$1$1.get(Scopes.java:65) at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40) at com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:978) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1024) at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:974) at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1013) at org.xdi.oxd.server.SocketProcessor.<init>(SocketProcessor.java:37) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:85) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-14 12:32:11,410 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2016-07-14 12:32:11,410 TRACE [org.xdi.oxd.common.CoreUtils] commandSize: -1, stringStorage: 2016-07-14 12:32:11,489 TRACE [org.xdi.oxd.common.CoreUtils] Parsed sizeString: 0364, commandSize: 364 2016-07-14 12:32:11,490 TRACE [org.xdi.oxd.common.CoreUtils] Read result: ReadResult{m_command='{"command":"implicit_flow","params":{"scope":"openid","nonce":"c997ea4a-e0e5-4568-9cb7-45877e642300","discovery_url":"https://sso.lobosstudios.com/.well-known/openid-configuration","redirect_url":"https://360.lobosstudios.com/callback","client_id":"@!2920.FAD2.FB38.9BC5!0001!9227.0E3D!0008!9EC6.7B6C","client_secret":"test","user_id":"test","user_secret":"test"}}', m_leftString=''} 2016-07-14 12:32:11,491 TRACE [org.xdi.oxd.server.Processor] Command: {"command":"implicit_flow","params":{"scope":"openid","nonce":"c997ea4a-e0e5-4568-9cb7-45877e642300","discovery_url":"https://sso.lobosstudios.com/.well-known/openid-configuration","redirect_url":"https://360.lobosstudios.com/callback","client_id":"@!2920.FAD2.FB38.9BC5!0001!9227.0E3D!0008!9EC6.7B6C","client_secret":"test","user_id":"test","user_secret":"test"}} 2016-07-14 12:32:11,561 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client. 2016-07-14 12:32:12,468 ERROR [org.xdi.oxauth.client.OpenIdConfigurationClient] peer not authenticated javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:645) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) at org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:109) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:39) at org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPInterceptor.execute(AcceptEncodingGZIPInterceptor.java:40) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45) at org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:443) at org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:677) at org.jboss.resteasy.client.ClientRequest.get(ClientRequest.java:479) at org.jboss.resteasy.client.ClientRequest.get(ClientRequest.java:508) at org.xdi.oxauth.client.OpenIdConfigurationClient._execOpenIdConfiguration(OpenIdConfigurationClient.java:102) at org.xdi.oxauth.client.OpenIdConfigurationClient.execOpenIdConfiguration(OpenIdConfigurationClient.java:78) at org.xdi.oxd.server.service.DiscoveryService.getConnectDiscoveryResponse(DiscoveryService.java:60) at org.xdi.oxd.server.op.ImplicitFlowOperation.execute(ImplicitFlowOperation.java:42) at org.xdi.oxd.server.Processor.process(Processor.java:96) at org.xdi.oxd.server.Processor.process(Processor.java:50) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:61) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) 2016-07-14 12:32:12,471 ERROR [org.xdi.oxd.server.service.DiscoveryService] java.lang.NullPointerException at org.xdi.oxd.server.service.DiscoveryService.getConnectDiscoveryResponse(DiscoveryService.java:61) at org.xdi.oxd.server.op.ImplicitFlowOperation.execute(ImplicitFlowOperation.java:42) at org.xdi.oxd.server.Processor.process(Processor.java:96) at org.xdi.oxd.server.Processor.process(Processor.java:50) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:61) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) 2016-07-14 12:32:12,471 ERROR [org.xdi.oxd.server.service.DiscoveryService] Unable to fetch discovery information for url: https://sso.lobosstudios.com/.well-known/openid-configuration 2016-07-14 12:32:12,536 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"error","data":{"error":"internal_error","error_description":"Internal server error occurs."}} 2016-07-14 12:32:12,538 ERROR [org.xdi.oxd.server.SocketProcessor] Quit. Enable to process command. 2016-07-14 12:35:53,183 INFO [org.xdi.oxd.server.ServerLauncher] Starting... 2016-07-14 12:35:53,588 TRACE [org.xdi.oxd.server.service.ConfigurationService] Try to load configuration from system property: oxd.server.config, value: /opt/oxd-server/conf/oxd-conf.json 2016-07-14 12:35:53,826 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration loaded successfully from system property: oxd.server.config. 2016-07-14 12:35:53,827 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration: Configuration{port=8099, timeOutInSeconds=0, opHost=https://sso.lobosstudios.com, localhostOnly=true, licenseServerEndpoint=, licenseId=} 2016-07-14 12:35:53,850 INFO [org.xdi.oxd.server.service.ConfigurationService] Configuration directory: /opt/oxd-server/conf 2016-07-14 12:35:53,855 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: oxd-default-site-config.json 2016-07-14 12:35:53,914 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-14 12:35:53,914 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-14 12:35:53,914 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: /.oxd-license 2016-07-14 12:35:53,916 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:58) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-14 12:35:53,934 INFO [org.xdi.oxd.server.service.SocketService] Server socket is bound to port: 8099, with timeout: 0 seconds. Start listening for notifications. 2016-07-14 12:35:57,546 DEBUG [org.xdi.oxd.server.service.SocketService] Start new SocketProcessor... 2016-07-14 12:35:57,551 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-14 12:35:57,551 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-14 12:35:57,552 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: /.oxd-license 2016-07-14 12:35:57,552 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.license.LicenseService$$FastClassByGuice$$bd74ee5e.newInstance(<generated>) at com.google.inject.internal.cglib.reflect.$FastConstructor.newInstance(FastConstructor.java:40) at com.google.inject.internal.DefaultConstructionProxyFactory$1.newInstance(DefaultConstructionProxyFactory.java:60) at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:85) at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254) at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1031) at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) at com.google.inject.Scopes$1$1.get(Scopes.java:65) at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40) at com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:978) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1024) at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:974) at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1013) at org.xdi.oxd.server.SocketProcessor.<init>(SocketProcessor.java:37) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:85) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-14 12:35:57,558 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2016-07-14 12:35:57,559 TRACE [org.xdi.oxd.common.CoreUtils] commandSize: -1, stringStorage: 2016-07-14 12:35:57,643 TRACE [org.xdi.oxd.common.CoreUtils] Parsed sizeString: 0364, commandSize: 364 2016-07-14 12:35:57,644 TRACE [org.xdi.oxd.common.CoreUtils] Read result: ReadResult{m_command='{"command":"implicit_flow","params":{"scope":"openid","nonce":"4536a526-e673-4098-8a52-bd13d0fff05f","discovery_url":"https://sso.lobosstudios.com/.well-known/openid-configuration","redirect_url":"https://360.lobosstudios.com/callback","client_id":"@!2920.FAD2.FB38.9BC5!0001!9227.0E3D!0008!9EC6.7B6C","client_secret":"test","user_id":"test","user_secret":"test"}}', m_leftString=''} 2016-07-14 12:35:57,645 TRACE [org.xdi.oxd.server.Processor] Command: {"command":"implicit_flow","params":{"scope":"openid","nonce":"4536a526-e673-4098-8a52-bd13d0fff05f","discovery_url":"https://sso.lobosstudios.com/.well-known/openid-configuration","redirect_url":"https://360.lobosstudios.com/callback","client_id":"@!2920.FAD2.FB38.9BC5!0001!9227.0E3D!0008!9EC6.7B6C","client_secret":"test","user_id":"test","user_secret":"test"}} 2016-07-14 12:35:57,702 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client. 2016-07-14 12:35:58,699 ERROR [org.xdi.oxauth.client.OpenIdConfigurationClient] peer not authenticated javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:645) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) at org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:109) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:39) at org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPInterceptor.execute(AcceptEncodingGZIPInterceptor.java:40) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45) at org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:443) at org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:677) at org.jboss.resteasy.client.ClientRequest.get(ClientRequest.java:479) at org.jboss.resteasy.client.ClientRequest.get(ClientRequest.java:508) at org.xdi.oxauth.client.OpenIdConfigurationClient._execOpenIdConfiguration(OpenIdConfigurationClient.java:102) at org.xdi.oxauth.client.OpenIdConfigurationClient.execOpenIdConfiguration(OpenIdConfigurationClient.java:78) at org.xdi.oxd.server.service.DiscoveryService.getConnectDiscoveryResponse(DiscoveryService.java:60) at org.xdi.oxd.server.op.ImplicitFlowOperation.execute(ImplicitFlowOperation.java:42) at org.xdi.oxd.server.Processor.process(Processor.java:96) at org.xdi.oxd.server.Processor.process(Processor.java:50) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:61) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) 2016-07-14 12:35:58,702 ERROR [org.xdi.oxd.server.service.DiscoveryService] java.lang.NullPointerException at org.xdi.oxd.server.service.DiscoveryService.getConnectDiscoveryResponse(DiscoveryService.java:61) at org.xdi.oxd.server.op.ImplicitFlowOperation.execute(ImplicitFlowOperation.java:42) at org.xdi.oxd.server.Processor.process(Processor.java:96) at org.xdi.oxd.server.Processor.process(Processor.java:50) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:61) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) 2016-07-14 12:35:58,705 ERROR [org.xdi.oxd.server.service.DiscoveryService] Unable to fetch discovery information for url: https://sso.lobosstudios.com/.well-known/openid-configuration 2016-07-14 12:35:58,747 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"error","data":{"error":"internal_error","error_description":"Internal server error occurs."}} 2016-07-14 12:35:58,748 ERROR [org.xdi.oxd.server.SocketProcessor] Quit. Enable to process command. 2016-07-14 12:43:28,166 INFO [org.xdi.oxd.server.ServerLauncher] Starting... 2016-07-14 12:43:28,630 TRACE [org.xdi.oxd.server.service.ConfigurationService] Try to load configuration from system property: oxd.server.config, value: /opt/oxd-server/conf/oxd-conf.json 2016-07-14 12:43:28,960 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration loaded successfully from system property: oxd.server.config. 2016-07-14 12:43:28,960 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration: Configuration{port=8099, timeOutInSeconds=0, opHost=https://sso.lobosstudios.com, localhostOnly=true, licenseServerEndpoint=, licenseId=} 2016-07-14 12:43:28,992 INFO [org.xdi.oxd.server.service.ConfigurationService] Configuration directory: /opt/oxd-server/conf 2016-07-14 12:43:28,999 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: oxd-default-site-config.json 2016-07-14 12:43:29,104 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-14 12:43:29,104 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-14 12:43:29,105 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: /.oxd-license 2016-07-14 12:43:29,106 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:58) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-14 12:43:29,126 INFO [org.xdi.oxd.server.service.SocketService] Server socket is bound to port: 8099, with timeout: 0 seconds. Start listening for notifications. 2016-07-14 12:43:39,206 DEBUG [org.xdi.oxd.server.service.SocketService] Start new SocketProcessor... 2016-07-14 12:43:39,209 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-14 12:43:39,210 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-14 12:43:39,211 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: /.oxd-license 2016-07-14 12:43:39,211 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.license.LicenseService$$FastClassByGuice$$bd74ee5e.newInstance(<generated>) at com.google.inject.internal.cglib.reflect.$FastConstructor.newInstance(FastConstructor.java:40) at com.google.inject.internal.DefaultConstructionProxyFactory$1.newInstance(DefaultConstructionProxyFactory.java:60) at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:85) at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254) at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1031) at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) at com.google.inject.Scopes$1$1.get(Scopes.java:65) at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40) at com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:978) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1024) at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:974) at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1013) at org.xdi.oxd.server.SocketProcessor.<init>(SocketProcessor.java:37) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:85) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-14 12:43:39,220 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2016-07-14 12:43:39,220 TRACE [org.xdi.oxd.common.CoreUtils] commandSize: -1, stringStorage: 2016-07-14 12:43:39,298 TRACE [org.xdi.oxd.common.CoreUtils] Parsed sizeString: 0364, commandSize: 364 2016-07-14 12:43:39,300 TRACE [org.xdi.oxd.common.CoreUtils] Read result: ReadResult{m_command='{"command":"implicit_flow","params":{"scope":"openid","nonce":"9f5f6d96-9095-4168-b4f7-82dbe11301f1","discovery_url":"https://sso.lobosstudios.com/.well-known/openid-configuration","redirect_url":"https://360.lobosstudios.com/callback","client_id":"@!2920.FAD2.FB38.9BC5!0001!9227.0E3D!0008!9EC6.7B6C","client_secret":"test","user_id":"test","user_secret":"test"}}', m_leftString=''} 2016-07-14 12:43:39,300 TRACE [org.xdi.oxd.server.Processor] Command: {"command":"implicit_flow","params":{"scope":"openid","nonce":"9f5f6d96-9095-4168-b4f7-82dbe11301f1","discovery_url":"https://sso.lobosstudios.com/.well-known/openid-configuration","redirect_url":"https://360.lobosstudios.com/callback","client_id":"@!2920.FAD2.FB38.9BC5!0001!9227.0E3D!0008!9EC6.7B6C","client_secret":"test","user_id":"test","user_secret":"test"}} 2016-07-14 12:43:39,384 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client. 2016-07-14 12:43:40,279 ERROR [org.xdi.oxauth.client.OpenIdConfigurationClient] peer not authenticated javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:645) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) at org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:109) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:39) at org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPInterceptor.execute(AcceptEncodingGZIPInterceptor.java:40) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45) at org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:443) at org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:677) at org.jboss.resteasy.client.ClientRequest.get(ClientRequest.java:479) at org.jboss.resteasy.client.ClientRequest.get(ClientRequest.java:508) at org.xdi.oxauth.client.OpenIdConfigurationClient._execOpenIdConfiguration(OpenIdConfigurationClient.java:102) at org.xdi.oxauth.client.OpenIdConfigurationClient.execOpenIdConfiguration(OpenIdConfigurationClient.java:78) at org.xdi.oxd.server.service.DiscoveryService.getConnectDiscoveryResponse(DiscoveryService.java:60) at org.xdi.oxd.server.op.ImplicitFlowOperation.execute(ImplicitFlowOperation.java:42) at org.xdi.oxd.server.Processor.process(Processor.java:96) at org.xdi.oxd.server.Processor.process(Processor.java:50) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:61) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) 2016-07-14 12:43:40,283 ERROR [org.xdi.oxd.server.service.DiscoveryService] java.lang.NullPointerException at org.xdi.oxd.server.service.DiscoveryService.getConnectDiscoveryResponse(DiscoveryService.java:61) at org.xdi.oxd.server.op.ImplicitFlowOperation.execute(ImplicitFlowOperation.java:42) at org.xdi.oxd.server.Processor.process(Processor.java:96) at org.xdi.oxd.server.Processor.process(Processor.java:50) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:61) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) 2016-07-14 12:43:40,284 ERROR [org.xdi.oxd.server.service.DiscoveryService] Unable to fetch discovery information for url: https://sso.lobosstudios.com/.well-known/openid-configuration 2016-07-14 12:43:40,344 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"error","data":{"error":"internal_error","error_description":"Internal server error occurs."}} 2016-07-14 12:43:40,345 ERROR [org.xdi.oxd.server.SocketProcessor] Quit. Enable to process command. 2016-07-14 12:49:26,645 INFO [org.xdi.oxd.server.ServerLauncher] Starting... 2016-07-14 12:49:27,288 TRACE [org.xdi.oxd.server.service.ConfigurationService] Try to load configuration from system property: oxd.server.config, value: /opt/oxd-server/conf/oxd-conf.json 2016-07-14 12:49:27,438 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration loaded successfully from system property: oxd.server.config. 2016-07-14 12:49:27,439 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration: Configuration{port=8099, timeOutInSeconds=0, opHost=https://sso.lobosstudios.com, localhostOnly=true, licenseServerEndpoint=, licenseId=} 2016-07-14 12:49:27,453 INFO [org.xdi.oxd.server.service.ConfigurationService] Configuration directory: /opt/oxd-server/conf 2016-07-14 12:49:27,456 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: oxd-default-site-config.json 2016-07-14 12:49:27,490 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-14 12:49:27,490 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-14 12:49:27,491 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: /.oxd-license 2016-07-14 12:49:27,491 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:58) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-14 12:49:27,504 INFO [org.xdi.oxd.server.service.SocketService] Server socket is bound to port: 8099, with timeout: 0 seconds. Start listening for notifications. 2016-07-14 12:49:31,353 DEBUG [org.xdi.oxd.server.service.SocketService] Start new SocketProcessor... 2016-07-14 12:49:31,357 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-14 12:49:31,357 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-14 12:49:31,358 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: /.oxd-license 2016-07-14 12:49:31,358 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.license.LicenseService$$FastClassByGuice$$bd74ee5e.newInstance(<generated>) at com.google.inject.internal.cglib.reflect.$FastConstructor.newInstance(FastConstructor.java:40) at com.google.inject.internal.DefaultConstructionProxyFactory$1.newInstance(DefaultConstructionProxyFactory.java:60) at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:85) at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254) at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1031) at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) at com.google.inject.Scopes$1$1.get(Scopes.java:65) at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40) at com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:978) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1024) at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:974) at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1013) at org.xdi.oxd.server.SocketProcessor.<init>(SocketProcessor.java:37) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:85) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-14 12:49:31,366 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2016-07-14 12:49:31,367 TRACE [org.xdi.oxd.common.CoreUtils] commandSize: -1, stringStorage: 2016-07-14 12:49:31,448 TRACE [org.xdi.oxd.common.CoreUtils] Parsed sizeString: 0364, commandSize: 364 2016-07-14 12:49:31,450 TRACE [org.xdi.oxd.common.CoreUtils] Read result: ReadResult{m_command='{"command":"implicit_flow","params":{"scope":"openid","nonce":"b186a4f4-22a4-43a9-98ae-1afafab53501","discovery_url":"https://sso.lobosstudios.com/.well-known/openid-configuration","redirect_url":"https://360.lobosstudios.com/callback","client_id":"@!2920.FAD2.FB38.9BC5!0001!9227.0E3D!0008!9EC6.7B6C","client_secret":"test","user_id":"test","user_secret":"test"}}', m_leftString=''} 2016-07-14 12:49:31,450 TRACE [org.xdi.oxd.server.Processor] Command: {"command":"implicit_flow","params":{"scope":"openid","nonce":"b186a4f4-22a4-43a9-98ae-1afafab53501","discovery_url":"https://sso.lobosstudios.com/.well-known/openid-configuration","redirect_url":"https://360.lobosstudios.com/callback","client_id":"@!2920.FAD2.FB38.9BC5!0001!9227.0E3D!0008!9EC6.7B6C","client_secret":"test","user_id":"test","user_secret":"test"}} 2016-07-14 12:49:31,524 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client. 2016-07-14 12:49:32,387 ERROR [org.xdi.oxauth.client.OpenIdConfigurationClient] peer not authenticated javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:645) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) at org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:109) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:39) at org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPInterceptor.execute(AcceptEncodingGZIPInterceptor.java:40) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45) at org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:443) at org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:677) at org.jboss.resteasy.client.ClientRequest.get(ClientRequest.java:479) at org.jboss.resteasy.client.ClientRequest.get(ClientRequest.java:508) at org.xdi.oxauth.client.OpenIdConfigurationClient._execOpenIdConfiguration(OpenIdConfigurationClient.java:102) at org.xdi.oxauth.client.OpenIdConfigurationClient.execOpenIdConfiguration(OpenIdConfigurationClient.java:78) at org.xdi.oxd.server.service.DiscoveryService.getConnectDiscoveryResponse(DiscoveryService.java:60) at org.xdi.oxd.server.op.ImplicitFlowOperation.execute(ImplicitFlowOperation.java:42) at org.xdi.oxd.server.Processor.process(Processor.java:96) at org.xdi.oxd.server.Processor.process(Processor.java:50) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:61) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) 2016-07-14 12:49:32,390 ERROR [org.xdi.oxd.server.service.DiscoveryService] java.lang.NullPointerException at org.xdi.oxd.server.service.DiscoveryService.getConnectDiscoveryResponse(DiscoveryService.java:61) at org.xdi.oxd.server.op.ImplicitFlowOperation.execute(ImplicitFlowOperation.java:42) at org.xdi.oxd.server.Processor.process(Processor.java:96) at org.xdi.oxd.server.Processor.process(Processor.java:50) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:61) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) 2016-07-14 12:49:32,391 ERROR [org.xdi.oxd.server.service.DiscoveryService] Unable to fetch discovery information for url: https://sso.lobosstudios.com/.well-known/openid-configuration 2016-07-14 12:49:32,474 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"error","data":{"error":"internal_error","error_description":"Internal server error occurs."}} 2016-07-14 12:49:32,480 ERROR [org.xdi.oxd.server.SocketProcessor] Quit. Enable to process command. 2016-07-14 12:51:13,203 INFO [org.xdi.oxd.server.ServerLauncher] Starting... 2016-07-14 12:51:13,582 TRACE [org.xdi.oxd.server.service.ConfigurationService] Try to load configuration from system property: oxd.server.config, value: /opt/oxd-server/conf/oxd-conf.json 2016-07-14 12:51:13,935 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration loaded successfully from system property: oxd.server.config. 2016-07-14 12:51:13,936 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration: Configuration{port=8099, timeOutInSeconds=0, opHost=https://sso.lobosstudios.com, localhostOnly=true, licenseServerEndpoint=, licenseId=} 2016-07-14 12:51:13,968 INFO [org.xdi.oxd.server.service.ConfigurationService] Configuration directory: /opt/oxd-server/conf 2016-07-14 12:51:13,974 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: oxd-default-site-config.json 2016-07-14 12:51:14,060 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-14 12:51:14,060 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-14 12:51:14,061 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: /.oxd-license 2016-07-14 12:51:14,062 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:58) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-14 12:51:14,080 INFO [org.xdi.oxd.server.service.SocketService] Server socket is bound to port: 8099, with timeout: 0 seconds. Start listening for notifications. 2016-07-14 12:51:23,259 DEBUG [org.xdi.oxd.server.service.SocketService] Start new SocketProcessor... 2016-07-14 12:51:23,263 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-14 12:51:23,263 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-14 12:51:23,263 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: /.oxd-license 2016-07-14 12:51:23,264 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.license.LicenseService$$FastClassByGuice$$bd74ee5e.newInstance(<generated>) at com.google.inject.internal.cglib.reflect.$FastConstructor.newInstance(FastConstructor.java:40) at com.google.inject.internal.DefaultConstructionProxyFactory$1.newInstance(DefaultConstructionProxyFactory.java:60) at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:85) at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254) at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1031) at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) at com.google.inject.Scopes$1$1.get(Scopes.java:65) at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40) at com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:978) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1024) at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:974) at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1013) at org.xdi.oxd.server.SocketProcessor.<init>(SocketProcessor.java:37) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:85) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-14 12:51:23,270 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2016-07-14 12:51:23,271 TRACE [org.xdi.oxd.common.CoreUtils] commandSize: -1, stringStorage: 2016-07-14 12:51:23,351 TRACE [org.xdi.oxd.common.CoreUtils] Parsed sizeString: 0364, commandSize: 364 2016-07-14 12:51:23,353 TRACE [org.xdi.oxd.common.CoreUtils] Read result: ReadResult{m_command='{"command":"implicit_flow","params":{"scope":"openid","nonce":"12ae2ecf-32f1-447e-82c6-0c731dfcb748","discovery_url":"https://sso.lobosstudios.com/.well-known/openid-configuration","redirect_url":"https://360.lobosstudios.com/callback","client_id":"@!2920.FAD2.FB38.9BC5!0001!9227.0E3D!0008!9EC6.7B6C","client_secret":"test","user_id":"test","user_secret":"test"}}', m_leftString=''} 2016-07-14 12:51:23,353 TRACE [org.xdi.oxd.server.Processor] Command: {"command":"implicit_flow","params":{"scope":"openid","nonce":"12ae2ecf-32f1-447e-82c6-0c731dfcb748","discovery_url":"https://sso.lobosstudios.com/.well-known/openid-configuration","redirect_url":"https://360.lobosstudios.com/callback","client_id":"@!2920.FAD2.FB38.9BC5!0001!9227.0E3D!0008!9EC6.7B6C","client_secret":"test","user_id":"test","user_secret":"test"}} 2016-07-14 12:51:23,417 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client. 2016-07-14 12:51:24,352 ERROR [org.xdi.oxauth.client.OpenIdConfigurationClient] peer not authenticated javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:645) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) at org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:109) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:39) at org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPInterceptor.execute(AcceptEncodingGZIPInterceptor.java:40) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45) at org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:443) at org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:677) at org.jboss.resteasy.client.ClientRequest.get(ClientRequest.java:479) at org.jboss.resteasy.client.ClientRequest.get(ClientRequest.java:508) at org.xdi.oxauth.client.OpenIdConfigurationClient._execOpenIdConfiguration(OpenIdConfigurationClient.java:102) at org.xdi.oxauth.client.OpenIdConfigurationClient.execOpenIdConfiguration(OpenIdConfigurationClient.java:78) at org.xdi.oxd.server.service.DiscoveryService.getConnectDiscoveryResponse(DiscoveryService.java:60) at org.xdi.oxd.server.op.ImplicitFlowOperation.execute(ImplicitFlowOperation.java:42) at org.xdi.oxd.server.Processor.process(Processor.java:96) at org.xdi.oxd.server.Processor.process(Processor.java:50) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:61) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) 2016-07-14 12:51:24,354 ERROR [org.xdi.oxd.server.service.DiscoveryService] java.lang.NullPointerException at org.xdi.oxd.server.service.DiscoveryService.getConnectDiscoveryResponse(DiscoveryService.java:61) at org.xdi.oxd.server.op.ImplicitFlowOperation.execute(ImplicitFlowOperation.java:42) at org.xdi.oxd.server.Processor.process(Processor.java:96) at org.xdi.oxd.server.Processor.process(Processor.java:50) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:61) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) 2016-07-14 12:51:24,355 ERROR [org.xdi.oxd.server.service.DiscoveryService] Unable to fetch discovery information for url: https://sso.lobosstudios.com/.well-known/openid-configuration 2016-07-14 12:51:24,416 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"error","data":{"error":"internal_error","error_description":"Internal server error occurs."}} 2016-07-14 12:51:24,417 ERROR [org.xdi.oxd.server.SocketProcessor] Quit. Enable to process command. ```

By Yuriy Zabrovarnyy staff 20 Jul 2016 at 12:05 p.m. CDT

Copy
Yuriy Zabrovarnyy gravatar
Ok, got it, this is for old build. 1) Would you please give me log with trust_all=true with new build I provided to you? 2) about cacerts and trust_store file. The error you got is definitely because you are trying to call SSL endpoint while it returned plain connection. ``` javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? ``` Is it something with ports on your Gluu Server installation? Hint: http://stackoverflow.com/questions/1157592/javax-net-ssl-sslexception-when-sending-mail-using-javamail Thanks, Yuriy Z

By Steve Sobol user 20 Jul 2016 at 12:22 p.m. CDT

Copy
Steve Sobol gravatar
Hold on, I'm confused. ```trust_all_certs``` is already set to true. Is ```trust_all``` a separate setting? Here are the ports I have open. Is it even necessary to be running Apache on port 80? This server only runs Gluu and I only ever connect to it via HTTPS. ``` sjsobol@sso:~$ sudo netstat -anp|grep "LISTEN " tcp 0 0 127.0.0.1:32000 0.0.0.0:* LISTEN 4031/java tcp 0 0 0.0.0.0:2022 0.0.0.0:* LISTEN 893/sshd tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 3762/memcached tcp6 0 0 :::80 :::* LISTEN 4085/apache2 tcp6 0 0 :::45586 :::* LISTEN 3807/java tcp6 0 0 :::1689 :::* LISTEN 3807/java tcp6 0 0 :::443 :::* LISTEN 4085/apache2 tcp6 0 0 127.0.0.1:8443 :::* LISTEN 4031/java tcp6 0 0 :::4444 :::* LISTEN 3807/java tcp6 0 0 :::1636 :::* LISTEN 3807/java tcp6 0 0 127.0.0.1:8005 :::* LISTEN 4031/java tcp6 0 0 :::2022 :::* LISTEN 893/sshd tcp6 0 0 127.0.0.1:8009 :::* LISTEN 4031/java ```

By Steve Sobol user 20 Jul 2016 at 12:32 p.m. CDT

Copy
Steve Sobol gravatar
Also, I have iptables blocking incoming traffic except on 443 and 2022. I don't think that makes a difference, but it's better to have too much info, than too little...

By Yuriy Zabrovarnyy staff 20 Jul 2016 at 1:32 p.m. CDT

Copy
Yuriy Zabrovarnyy gravatar
No-no, I meant trust_all_certs (sorry for confusion). So would you please give me your logs based on new build where trust_all_certs: true and -Djavax.net.debug=ssl:handshake:verbose ? About SSL configuration, I have no idea what may be wrong but as you can see from stacktrace the connection is plain. So I guess your apache goes to 443 and either redirects to 80 or does not crypt connection at 443. To be honest I don't know. We may involve our admins which may try to help. Thanks, Yuriy Z

By Steve Sobol user 20 Jul 2016 at 1:44 p.m. CDT

Copy
Steve Sobol gravatar
Before I give you more logs -- Using the SSL Checker at https://www.sslshopper.com/ssl-checker.html, I did find one issue with my certificate. ``` One of the certificates is signed with a SHA1 signature. We recommend that you reissue or replace this certificate with one that uses a SHA-2 signature. Contact your SSL provider about how to do this. Read more about the SHA-1 deprecation here. ``` Is there any possibility that this might be causing a problem? I googled and found a post from about a year ago that the .Net HttpClient had issues with SHA-1. I have not seen any indication that any Java library was having the same problems.

By Yuriy Zabrovarnyy staff 20 Jul 2016 at 1:46 p.m. CDT

Copy
Yuriy Zabrovarnyy gravatar
I'm checking code again and again, here is exception from your logs ``` javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:645) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:480) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) at org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:109) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:39) at org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPInterceptor.execute(AcceptEncodingGZIPInterceptor.java:40) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45) at org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:443) at org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:677) at org.jboss.resteasy.client.ClientRequest.get(ClientRequest.java:479) at org.jboss.resteasy.client.ClientRequest.get(ClientRequest.java:508) at org.xdi.oxauth.client.OpenIdConfigurationClient._execOpenIdConfiguration(OpenIdConfigurationClient.java:102) at org.xdi.oxauth.client.OpenIdConfigurationClient.execOpenIdConfiguration(OpenIdConfigurationClient.java:78) at org.xdi.oxd.server.service.DiscoveryService.getConnectDiscoveryResponse(DiscoveryService.java:60) at org.xdi.oxd.server.op.ImplicitFlowOperation.execute(ImplicitFlowOperation.java:42) at org.xdi.oxd.server.Processor.process(Processor.java:96) at org.xdi.oxd.server.Processor.process(Processor.java:50) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:61) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) ``` Check this line ``` org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:126) ``` SSLSocketFactory calls AbstractVerifier while we provided dummy verifier for trust_all_certs: true. See `https://github.com/GluuFederation/oxd/blob/version_2.4.3/oxd-common/src/main/java/org/xdi/oxd/common/CoreUtils.java#L252` As you can see verify method is empty for `trust_all_certs: true`. It makes me think that you still using not new build or otherwise your SSL is not on 443 port which falls back to some defalut SSLSocketFactory and as result to defalut verifier. Thanks, Yuriy Z

By Steve Sobol user 20 Jul 2016 at 1:46 p.m. CDT

Copy
Steve Sobol gravatar
The problematic certificate is the "AddTrust External CA Root" and I probably just need to download it again, as I am using a certificate I downloaded quite some time ago.

By Steve Sobol user 20 Jul 2016 at 1:50 p.m. CDT

Copy
Steve Sobol gravatar
Yuriy: Interesting. I shut down the oxD server that I installed from your repository, and I removed the runlevel 2 init script so that it will not run on startup -- or at least I thought I did. Maybe I'll remove the package completely. Won't hurt anything, I can always reinstall later. But if it WAS running, when I downloaded and ran the build you told me to run, wouldn't it complain that at least one port was already in use?

By Steve Sobol user 20 Jul 2016 at 1:57 p.m. CDT

Copy
Steve Sobol gravatar
Ok. I removed the package I installed from the Gluu repository. So the newer build of oxD is the only one installed on the server now. Logs: ``` BASEDIR=. CONF=./../conf/oxd-conf.json 2016-07-20 14:55:35,517 INFO [org.xdi.oxd.server.ServerLauncher] Starting... 2016-07-20 14:55:35,824 TRACE [org.xdi.oxd.server.service.ConfigurationService] Try to load configuration from system property: oxd.server.config, value: ./../conf/oxd-conf.json 2016-07-20 14:55:36,098 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration loaded successfully from system property: oxd.server.config. 2016-07-20 14:55:36,099 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration: Configuration{port=8099, timeOutInSeconds=0, jettyPort=8098, startJetty=false, registerClientAppType='web', registerClientResponesType='code', localhostOnly=true, useClientAuthenticationForPat=true, trustAllCerts=true, keyStorePath='', keyStorePassword='null', licenseServerEndpoint='', licenseId='', publicKey='', publicPassword='', licensePassword='', licenseCheckPeriodInHours=24, opHost='https://sso.lobosstudios.com:443'} 2016-07-20 14:55:36,125 INFO [org.xdi.oxd.server.service.ConfigurationService] Configuration directory: ./../conf 2016-07-20 14:55:36,130 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: oxd-default-site-config.json 2016-07-20 14:55:36,193 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-20 14:55:36,193 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-20 14:55:36,193 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: /home/sjsobol/oxd/bin/.oxd-license 2016-07-20 14:55:36,194 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:58) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-20 14:55:36,210 INFO [org.xdi.oxd.server.service.SocketService] Server runs in free license mode which delays commands execution on 0.5 second for each command. In order to remove the transaction limitations placed on the free version of oxD, you need to purchase a commercial license at oxd.gluu.org 2016-07-20 14:55:36,210 INFO [org.xdi.oxd.server.service.SocketService] Server socket is bound to port: 8099, with timeout: 0 seconds. Start listening for notifications. 2016-07-20 14:55:46,052 DEBUG [org.xdi.oxd.server.service.SocketService] Start new SocketProcessor... 2016-07-20 14:55:46,056 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-20 14:55:46,056 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-20 14:55:46,056 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: /home/sjsobol/oxd/bin/.oxd-license 2016-07-20 14:55:46,057 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.license.LicenseService$$FastClassByGuice$$bd74ee5e.newInstance(<generated>) at com.google.inject.internal.cglib.reflect.$FastConstructor.newInstance(FastConstructor.java:40) at com.google.inject.internal.DefaultConstructionProxyFactory$1.newInstance(DefaultConstructionProxyFactory.java:60) at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:85) at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254) at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1031) at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) at com.google.inject.Scopes$1$1.get(Scopes.java:65) at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40) at com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:978) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1024) at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:974) at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1013) at org.xdi.oxd.server.SocketProcessor.<init>(SocketProcessor.java:37) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:91) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-20 14:55:46,065 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2016-07-20 14:55:46,066 TRACE [org.xdi.oxd.common.CoreUtils] commandSize: -1, stringStorage: 2016-07-20 14:55:46,149 TRACE [org.xdi.oxd.common.CoreUtils] Parsed sizeString: 0364, commandSize: 364 2016-07-20 14:55:46,150 TRACE [org.xdi.oxd.common.CoreUtils] Read result: ReadResult{m_command='{"command":"implicit_flow","params":{"scope":"openid","nonce":"44693e46-f29a-4148-9f08-9851f87abb37","discovery_url":"https://sso.lobosstudios.com/.well-known/openid-configuration","redirect_url":"https://360.lobosstudios.com/callback","client_id":"@!2920.FAD2.FB38.9BC5!0001!9227.0E3D!0008!9EC6.7B6C","client_secret":"test","user_id":"test","user_secret":"test"}}', m_leftString=''} 2016-07-20 14:55:46,151 TRACE [org.xdi.oxd.server.Processor] Command: {"command":"implicit_flow","params":{"scope":"openid","nonce":"44693e46-f29a-4148-9f08-9851f87abb37","discovery_url":"https://sso.lobosstudios.com/.well-known/openid-configuration","redirect_url":"https://360.lobosstudios.com/callback","client_id":"@!2920.FAD2.FB38.9BC5!0001!9227.0E3D!0008!9EC6.7B6C","client_secret":"test","user_id":"test","user_secret":"test"}} 2016-07-20 14:55:46,703 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client. trustStore is: /usr/lib/jvm/java-8-oracle/jre/lib/security/cacerts trustStore type is : jks trustStore provider is : init truststore adding as trusted cert: Subject: CN=Hongkong Post Root CA 1, O=Hongkong Post, C=HK Issuer: CN=Hongkong Post Root CA 1, O=Hongkong Post, C=HK Algorithm: RSA; Serial number: 0x3e8 Valid from Thu May 15 01:13:14 EDT 2003 until Mon May 15 00:52:29 EDT 2023 adding as trusted cert: Subject: CN=SecureTrust CA, O=SecureTrust Corporation, C=US Issuer: CN=SecureTrust CA, O=SecureTrust Corporation, C=US Algorithm: RSA; Serial number: 0xcf08e5c0816a5ad427ff0eb271859d0 Valid from Tue Nov 07 14:31:18 EST 2006 until Mon Dec 31 14:40:55 EST 2029 adding as trusted cert: Subject: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Issuer: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Algorithm: EC; Serial number: 0xa68b79290000000050d091f9 Valid from Tue Dec 18 10:25:36 EST 2012 until Fri Dec 18 10:55:36 EST 2037 adding as trusted cert: Subject: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP Issuer: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP Algorithm: RSA; Serial number: 0x0 Valid from Tue Sep 30 00:20:49 EDT 2003 until Sat Sep 30 00:20:49 EDT 2023 adding as trusted cert: Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a Valid from Thu Nov 09 19:00:00 EST 2006 until Sun Nov 09 19:00:00 EST 2031 adding as trusted cert: Subject: CN=Microsec e-Szigno Root CA, OU=e-Szigno CA, O=Microsec Ltd., L=Budapest, C=HU Issuer: CN=Microsec e-Szigno Root CA, OU=e-Szigno CA, O=Microsec Ltd., L=Budapest, C=HU Algorithm: RSA; Serial number: 0xccb8e7bf4e291afda2dc66a51c2c0f11 Valid from Wed Apr 06 08:28:44 EDT 2005 until Thu Apr 06 08:28:44 EDT 2017 adding as trusted cert: Subject: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x445734245b81899b35f2ceb82b3b5ba726f07528 Valid from Thu Jan 12 13:59:32 EST 2012 until Sun Jan 12 13:59:32 EST 2042 adding as trusted cert: Subject: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0x59b1b579e8e2132e23907bda777755c Valid from Thu Aug 01 08:00:00 EDT 2013 until Fri Jan 15 07:00:00 EST 2038 adding as trusted cert: Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US Algorithm: RSA; Serial number: 0x4 Valid from Mon Jun 21 00:00:00 EDT 1999 until Sun Jun 21 00:00:00 EDT 2020 adding as trusted cert: Subject: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x18acb56afd69b6153a636cafdafac4a1 Valid from Sun Nov 26 19:00:00 EST 2006 until Wed Jul 16 19:59:59 EDT 2036 adding as trusted cert: Subject: C=IL, O=ComSign, CN=ComSign CA Issuer: C=IL, O=ComSign, CN=ComSign CA Algorithm: RSA; Serial number: 0x1413968314558cea7b63e5fc34877744 Valid from Wed Mar 24 06:32:18 EST 2004 until Mon Mar 19 11:02:18 EDT 2029 adding as trusted cert: Subject: O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007, L=Ankara, C=TR, CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı Issuer: O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007, L=Ankara, C=TR, CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı Algorithm: RSA; Serial number: 0x1 Valid from Tue Dec 25 13:37:19 EST 2007 until Fri Dec 22 13:37:19 EST 2017 adding as trusted cert: Subject: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP Issuer: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP Algorithm: RSA; Serial number: 0x0 Valid from Fri May 29 01:00:39 EDT 2009 until Tue May 29 01:00:39 EDT 2029 adding as trusted cert: Subject: CN=Staat der Nederlanden Root CA, O=Staat der Nederlanden, C=NL Issuer: CN=Staat der Nederlanden Root CA, O=Staat der Nederlanden, C=NL Algorithm: RSA; Serial number: 0x98968a Valid from Tue Dec 17 04:23:49 EST 2002 until Wed Dec 16 04:15:38 EST 2015 adding as trusted cert: Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6 Valid from Sun May 17 20:00:00 EDT 1998 until Tue Aug 01 19:59:59 EDT 2028 adding as trusted cert: Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US Algorithm: RSA; Serial number: 0x1 Valid from Mon Jun 21 00:00:00 EDT 1999 until Sun Jun 21 00:00:00 EDT 2020 adding as trusted cert: Subject: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW Issuer: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW Algorithm: RSA; Serial number: 0x15c8bd65475cafb897005ee406d2bc9d Valid from Sun Dec 19 21:31:27 EST 2004 until Tue Dec 19 21:31:27 EST 2034 adding as trusted cert: Subject: CN=AffirmTrust Commercial, O=AffirmTrust, C=US Issuer: CN=AffirmTrust Commercial, O=AffirmTrust, C=US Algorithm: RSA; Serial number: 0x7777062726a9b17c Valid from Fri Jan 29 09:06:06 EST 2010 until Tue Dec 31 09:06:06 EST 2030 adding as trusted cert: Subject: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL Issuer: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL Algorithm: RSA; Serial number: 0x444c0 Valid from Wed Oct 22 08:07:37 EDT 2008 until Mon Dec 31 07:07:37 EST 2029 adding as trusted cert: Subject: CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL Issuer: CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL Algorithm: RSA; Serial number: 0x1 Valid from Sun Sep 17 15:46:36 EDT 2006 until Wed Sep 17 15:46:36 EDT 2036 adding as trusted cert: Subject: CN=Certinomis - Autorité Racine, OU=0002 433998903, O=Certinomis, C=FR Issuer: CN=Certinomis - Autorité Racine, OU=0002 433998903, O=Certinomis, C=FR Algorithm: RSA; Serial number: 0x1 Valid from Wed Sep 17 04:28:59 EDT 2008 until Sun Sep 17 04:28:59 EDT 2028 adding as trusted cert: Subject: CN=DST ACES CA X6, OU=DST ACES, O=Digital Signature Trust, C=US Issuer: CN=DST ACES CA X6, OU=DST ACES, O=Digital Signature Trust, C=US Algorithm: RSA; Serial number: 0xd5e990ad69db778ecd807563b8615d9 Valid from Thu Nov 20 16:19:58 EST 2003 until Mon Nov 20 16:19:58 EST 2017 adding as trusted cert: Subject: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US Issuer: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US Algorithm: RSA; Serial number: 0x50946cec18ead59c4dd597ef758fa0ad Valid from Mon Nov 01 12:14:04 EST 2004 until Mon Jan 01 00:37:19 EST 2035 adding as trusted cert: Subject: CN=EC-ACC, OU=Jerarquia Entitats de Certificacio Catalanes, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Serveis Publics de Certificacio, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), C=ES Issuer: CN=EC-ACC, OU=Jerarquia Entitats de Certificacio Catalanes, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Serveis Publics de Certificacio, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), C=ES Algorithm: RSA; Serial number: 0x-11d4c2142bde21eb579d53fb0c223bff Valid from Tue Jan 07 18:00:00 EST 2003 until Tue Jan 07 17:59:59 EST 2031 adding as trusted cert: Subject: CN=CA Disig Root R1, O=Disig a.s., L=Bratislava, C=SK Issuer: CN=CA Disig Root R1, O=Disig a.s., L=Bratislava, C=SK Algorithm: RSA; Serial number: 0xc3039aee50906e28 Valid from Thu Jul 19 05:06:56 EDT 2012 until Sat Jul 19 05:06:56 EDT 2042 adding as trusted cert: Subject: CN=Sonera Class2 CA, O=Sonera, C=FI Issuer: CN=Sonera Class2 CA, O=Sonera, C=FI Algorithm: RSA; Serial number: 0x1d Valid from Fri Apr 06 03:29:40 EDT 2001 until Tue Apr 06 03:29:40 EDT 2021 adding as trusted cert: Subject: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Algorithm: EC; Serial number: 0x3cb2f4480a00e2feeb243b5e603ec36b Valid from Sun Nov 04 19:00:00 EST 2007 until Mon Jan 18 18:59:59 EST 2038 adding as trusted cert: Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US Algorithm: RSA; Serial number: 0x35def4cf Valid from Sat Aug 22 12:41:51 EDT 1998 until Wed Aug 22 12:41:51 EDT 2018 adding as trusted cert: Subject: CN=Certinomis - Root CA, OU=0002 433998903, O=Certinomis, C=FR Issuer: CN=Certinomis - Root CA, OU=0002 433998903, O=Certinomis, C=FR Algorithm: RSA; Serial number: 0x1 Valid from Mon Oct 21 05:17:18 EDT 2013 until Fri Oct 21 05:17:18 EDT 2033 adding as trusted cert: Subject: CN=CA 沃通根证书, O=WoSign CA Limited, C=CN Issuer: CN=CA 沃通根证书, O=WoSign CA Limited, C=CN Algorithm: RSA; Serial number: 0x50706bcdd813fc1b4e3b3372d211488d Valid from Fri Aug 07 21:00:01 EDT 2009 until Sun Aug 07 21:00:01 EDT 2039 adding as trusted cert: Subject: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: EC; Serial number: 0x1f47afaa62007050544c019e9b63992a Valid from Wed Mar 05 19:00:00 EST 2008 until Mon Jan 18 18:59:59 EST 2038 adding as trusted cert: Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0x2ac5c266a0b409b8f0b79f2ae462577 Valid from Thu Nov 09 19:00:00 EST 2006 until Sun Nov 09 19:00:00 EST 2031 adding as trusted cert: Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 Algorithm: RSA; Serial number: 0x4000000000121585308a2 Valid from Wed Mar 18 06:00:00 EDT 2009 until Sun Mar 18 06:00:00 EDT 2029 adding as trusted cert: Subject: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x1 Valid from Thu Mar 04 00:00:00 EST 2004 until Sun Mar 04 00:00:00 EST 2029 adding as trusted cert: Subject: CN=Certification Authority of WoSign, O=WoSign CA Limited, C=CN Issuer: CN=Certification Authority of WoSign, O=WoSign CA Limited, C=CN Algorithm: RSA; Serial number: 0x5e68d61171946350560068f33ec9c591 Valid from Fri Aug 07 21:00:01 EDT 2009 until Sun Aug 07 21:00:01 EDT 2039 adding as trusted cert: Subject: CN=GeoTrust Universal CA 2, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Universal CA 2, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x1 Valid from Thu Mar 04 00:00:00 EST 2004 until Sun Mar 04 00:00:00 EST 2029 adding as trusted cert: Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE Algorithm: RSA; Serial number: 0x20000b9 Valid from Fri May 12 14:46:00 EDT 2000 until Mon May 12 19:59:00 EDT 2025 adding as trusted cert: Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: RSA; Serial number: 0x1 Valid from Wed Dec 31 19:00:00 EST 2003 until Sun Dec 31 18:59:59 EST 2028 adding as trusted cert: Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US Algorithm: RSA; Serial number: 0x0 Valid from Tue Jun 29 13:39:16 EDT 2004 until Thu Jun 29 13:39:16 EDT 2034 adding as trusted cert: Subject: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU Issuer: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU Algorithm: RSA; Serial number: 0x0 Valid from Tue Sep 30 12:13:43 EDT 2003 until Wed Sep 30 12:13:44 EDT 2037 adding as trusted cert: Subject: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US Issuer: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362afe650afd Valid from Fri Jul 09 14:10:42 EDT 1999 until Tue Jul 09 14:19:22 EDT 2019 adding as trusted cert: Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57 Valid from Thu Sep 30 20:00:00 EDT 1999 until Wed Jul 16 19:59:59 EDT 2036 adding as trusted cert: Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE Algorithm: RSA; Serial number: 0x40000000001154b5ac394 Valid from Tue Sep 01 08:00:00 EDT 1998 until Fri Jan 28 07:00:00 EST 2028 adding as trusted cert: Subject: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş., L=Ankara, C=TR Issuer: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş., L=Ankara, C=TR Algorithm: RSA; Serial number: 0x8e17fe242081 Valid from Tue Apr 30 04:07:01 EDT 2013 until Fri Apr 28 04:07:01 EDT 2023 adding as trusted cert: Subject: CN=AffirmTrust Networking, O=AffirmTrust, C=US Issuer: CN=AffirmTrust Networking, O=AffirmTrust, C=US Algorithm: RSA; Serial number: 0x7c4f04391cd4992d Valid from Fri Jan 29 09:08:24 EST 2010 until Tue Dec 31 09:08:24 EST 2030 adding as trusted cert: Subject: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW Issuer: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW Algorithm: RSA; Serial number: 0xcbe Valid from Wed Jun 27 02:28:33 EDT 2012 until Tue Dec 31 10:59:59 EST 2030 adding as trusted cert: Subject: CN=AffirmTrust Premium, O=AffirmTrust, C=US Issuer: CN=AffirmTrust Premium, O=AffirmTrust, C=US Algorithm: RSA; Serial number: 0x6d8c1446b1a60aee Valid from Fri Jan 29 09:10:36 EST 2010 until Mon Dec 31 09:10:36 EST 2040 adding as trusted cert: Subject: CN=NetLock Expressz (Class C) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU Issuer: CN=NetLock Expressz (Class C) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU Algorithm: RSA; Serial number: 0x68 Valid from Thu Feb 25 09:08:11 EST 1999 until Wed Feb 20 09:08:11 EST 2019 adding as trusted cert: Subject: EMAILADDRESS=igca@sgdn.pm.gouv.fr, CN=IGC/A, OU=DCSSI, O=PM/SGDN, L=Paris, ST=France, C=FR Issuer: EMAILADDRESS=igca@sgdn.pm.gouv.fr, CN=IGC/A, OU=DCSSI, O=PM/SGDN, L=Paris, ST=France, C=FR Algorithm: RSA; Serial number: 0x3911451094 Valid from Fri Dec 13 09:29:23 EST 2002 until Sat Oct 17 10:29:22 EDT 2020 adding as trusted cert: Subject: O=Government Root Certification Authority, C=TW Issuer: O=Government Root Certification Authority, C=TW Algorithm: RSA; Serial number: 0x1f9d595ad72fc20644a5800869e35ef6 Valid from Thu Dec 05 08:23:33 EST 2002 until Sun Dec 05 08:23:33 EST 2032 adding as trusted cert: Subject: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x15ac6e9419b2794b41f627a9c3180f1f Valid from Tue Apr 01 20:00:00 EDT 2008 until Tue Dec 01 18:59:59 EST 2037 adding as trusted cert: Subject: CN=TWCA Root Certification Authority, OU=Root CA, O=TAIWAN-CA, C=TW Issuer: CN=TWCA Root Certification Authority, OU=Root CA, O=TAIWAN-CA, C=TW Algorithm: RSA; Serial number: 0x1 Valid from Thu Aug 28 03:24:33 EDT 2008 until Tue Dec 31 10:59:59 EST 2030 adding as trusted cert: Subject: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Issuer: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Algorithm: RSA; Serial number: 0xa3da427ea4b1aeda Valid from Fri Aug 01 08:29:50 EDT 2008 until Sat Jul 31 08:29:50 EDT 2038 adding as trusted cert: Subject: C=DE, O=Atos, CN=Atos TrustedRoot 2011 Issuer: C=DE, O=Atos, CN=Atos TrustedRoot 2011 Algorithm: RSA; Serial number: 0x5c33cb622c5fb332 Valid from Thu Jul 07 10:58:30 EDT 2011 until Tue Dec 31 18:59:59 EST 2030 adding as trusted cert: Subject: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH Issuer: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH Algorithm: RSA; Serial number: 0x4f1bd42f54bb2f4b Valid from Wed Oct 25 04:32:46 EDT 2006 until Sat Oct 25 04:32:46 EDT 2036 adding as trusted cert: Subject: CN=CNNIC ROOT, O=CNNIC, C=CN Issuer: CN=CNNIC ROOT, O=CNNIC, C=CN Algorithm: RSA; Serial number: 0x49330001 Valid from Mon Apr 16 03:09:14 EDT 2007 until Fri Apr 16 03:09:14 EDT 2027 adding as trusted cert: Subject: CN=SecureSign RootCA11, O="Japan Certification Services, Inc.", C=JP Issuer: CN=SecureSign RootCA11, O="Japan Certification Services, Inc.", C=JP Algorithm: RSA; Serial number: 0x1 Valid from Wed Apr 08 00:56:47 EDT 2009 until Sun Apr 08 00:56:47 EDT 2029 adding as trusted cert: Subject: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Issuer: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Algorithm: RSA; Serial number: 0x4a538c28 Valid from Tue Jul 07 13:25:54 EDT 2009 until Sat Dec 07 12:55:54 EST 2030 adding as trusted cert: Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0xce7e0e517d846fe8fe560fc1bf03039 Valid from Thu Nov 09 19:00:00 EST 2006 until Sun Nov 09 19:00:00 EST 2031 adding as trusted cert: Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US Algorithm: RSA; Serial number: 0x0 Valid from Tue Jun 29 13:06:20 EDT 2004 until Thu Jun 29 13:06:20 EDT 2034 adding as trusted cert: Subject: CN=Secure Global CA, O=SecureTrust Corporation, C=US Issuer: CN=Secure Global CA, O=SecureTrust Corporation, C=US Algorithm: RSA; Serial number: 0x75622a4e8d48a894df413c8f0f8eaa5 Valid from Tue Nov 07 14:42:28 EST 2006 until Mon Dec 31 14:52:06 EST 2029 adding as trusted cert: Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE Algorithm: RSA; Serial number: 0x1 Valid from Tue May 30 06:48:38 EDT 2000 until Sat May 30 06:48:38 EDT 2020 adding as trusted cert: Subject: CN=Secure Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=Secure Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: RSA; Serial number: 0x1 Valid from Wed Dec 31 19:00:00 EST 2003 until Sun Dec 31 18:59:59 EST 2028 adding as trusted cert: Subject: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Issuer: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Algorithm: RSA; Serial number: 0x1 Valid from Wed Oct 01 06:29:56 EDT 2008 until Sat Oct 01 19:59:59 EDT 2033 adding as trusted cert: Subject: CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: EC; Serial number: 0x55556bcf25ea43535c3a40fd5ab4572 Valid from Thu Aug 01 08:00:00 EDT 2013 until Fri Jan 15 07:00:00 EST 2038 adding as trusted cert: Subject: CN=Swisscom Root CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch Issuer: CN=Swisscom Root CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch Algorithm: RSA; Serial number: 0x5c0b855c0be75941df57cc3f7f9da836 Valid from Thu Aug 18 08:06:20 EDT 2005 until Mon Aug 18 18:06:20 EDT 2025 adding as trusted cert: Subject: CN=PSCProcert, C=VE, O=Sistema Nacional de Certificacion Electronica, OU=Proveedor de Certificados PROCERT, ST=Miranda, L=Chacao, EMAILADDRESS=contacto@procert.net.ve Issuer: EMAILADDRESS=acraiz@suscerte.gob.ve, OU=Superintendencia de Servicios de Certificacion Electronica, O=Sistema Nacional de Certificacion Electronica, ST=Distrito Capital, L=Caracas, C=VE, CN=Autoridad de Certificacion Raiz del Estado Venezolano Algorithm: RSA; Serial number: 0xb Valid from Tue Dec 28 11:51:00 EST 2010 until Fri Dec 25 18:59:59 EST 2020 adding as trusted cert: Subject: CN=Juur-SK, O=AS Sertifitseerimiskeskus, C=EE, EMAILADDRESS=pki@sk.ee Issuer: CN=Juur-SK, O=AS Sertifitseerimiskeskus, C=EE, EMAILADDRESS=pki@sk.ee Algorithm: RSA; Serial number: 0x3b8e4bfc Valid from Thu Aug 30 10:23:01 EDT 2001 until Fri Aug 26 10:23:01 EDT 2016 adding as trusted cert: Subject: C=TR, O=EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., CN=EBG Elektronik Sertifika Hizmet Sağlayıcısı Issuer: C=TR, O=EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., CN=EBG Elektronik Sertifika Hizmet Sağlayıcısı Algorithm: RSA; Serial number: 0x4caf73421c8e7402 Valid from Wed Aug 16 20:21:09 EDT 2006 until Sat Aug 13 20:31:09 EDT 2016 adding as trusted cert: Subject: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US Issuer: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336252567c989 Valid from Fri Jul 09 13:28:50 EDT 1999 until Tue Jul 09 13:36:58 EDT 2019 adding as trusted cert: Subject: CN=GeoTrust Global CA 2, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Global CA 2, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x1 Valid from Thu Mar 04 00:00:00 EST 2004 until Mon Mar 04 00:00:00 EST 2019 adding as trusted cert: Subject: CN=Class 2 Primary CA, O=Certplus, C=FR Issuer: CN=Class 2 Primary CA, O=Certplus, C=FR Algorithm: RSA; Serial number: 0x85bd4bf3d8dae369f694d75fc3a54423 Valid from Wed Jul 07 13:05:00 EDT 1999 until Sat Jul 06 19:59:59 EDT 2019 adding as trusted cert: Subject: CN=OISTE WISeKey Global Root GA CA, OU=OISTE Foundation Endorsed, OU=Copyright (c) 2005, O=WISeKey, C=CH Issuer: CN=OISTE WISeKey Global Root GA CA, OU=OISTE Foundation Endorsed, OU=Copyright (c) 2005, O=WISeKey, C=CH Algorithm: RSA; Serial number: 0x413d72c7f46b1f81437df1d22854df9a Valid from Sun Dec 11 11:03:44 EST 2005 until Fri Dec 11 11:09:51 EST 2037 adding as trusted cert: Subject: EMAILADDRESS=info@netlock.hu, CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU Issuer: EMAILADDRESS=info@netlock.hu, CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU Algorithm: RSA; Serial number: 0x7b Valid from Sat Mar 29 20:47:11 EST 2003 until Wed Dec 14 20:47:11 EST 2022 adding as trusted cert: Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x23456 Valid from Tue May 21 00:00:00 EDT 2002 until Sat May 21 00:00:00 EDT 2022 adding as trusted cert: Subject: CN=Network Solutions Certificate Authority, O=Network Solutions L.L.C., C=US Issuer: CN=Network Solutions Certificate Authority, O=Network Solutions L.L.C., C=US Algorithm: RSA; Serial number: 0x57cb336fc25c16e6471617e3903168e0 Valid from Thu Nov 30 19:00:00 EST 2006 until Mon Dec 31 18:59:59 EST 2029 adding as trusted cert: Subject: CN=CFCA EV ROOT, O=China Financial Certification Authority, C=CN Issuer: CN=CFCA EV ROOT, O=China Financial Certification Authority, C=CN Algorithm: RSA; Serial number: 0x184accd6 Valid from Tue Aug 07 23:07:01 EDT 2012 until Sun Dec 30 22:07:01 EST 2029 adding as trusted cert: Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH Algorithm: RSA; Serial number: 0x4eb200670c035d4f Valid from Wed Oct 25 04:36:00 EDT 2006 until Sat Oct 25 04:36:00 EDT 2036 adding as trusted cert: Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5 Algorithm: EC; Serial number: 0x605949e0262ebb55f90a778a71f94ad86c Valid from Mon Nov 12 19:00:00 EST 2012 until Mon Jan 18 22:14:07 EST 2038 adding as trusted cert: Subject: CN=CA Disig, O=Disig a.s., L=Bratislava, C=SK Issuer: CN=CA Disig, O=Disig a.s., L=Bratislava, C=SK Algorithm: RSA; Serial number: 0x1 Valid from Tue Mar 21 20:39:34 EST 2006 until Mon Mar 21 21:39:34 EDT 2016 adding as trusted cert: Subject: CN=S-TRUST Authentication and Encryption Root CA 2005:PN, O=Deutscher Sparkassen Verlag GmbH, L=Stuttgart, ST=Baden-Wuerttemberg (BW), C=DE Issuer: CN=S-TRUST Authentication and Encryption Root CA 2005:PN, O=Deutscher Sparkassen Verlag GmbH, L=Stuttgart, ST=Baden-Wuerttemberg (BW), C=DE Algorithm: RSA; Serial number: 0x371918e653547c1ab5b8cb595adb35b7 Valid from Tue Jun 21 20:00:00 EDT 2005 until Fri Jun 21 19:59:59 EDT 2030 adding as trusted cert: Subject: CN=CA WoSign ECC Root, O=WoSign CA Limited, C=CN Issuer: CN=CA WoSign ECC Root, O=WoSign CA Limited, C=CN Algorithm: EC; Serial number: 0x684a5870806bf08f02faf6dee8b09090 Valid from Fri Nov 07 19:58:58 EST 2014 until Mon Nov 07 19:58:58 EST 2044 adding as trusted cert: Subject: CN=Hellenic Academic and Research Institutions RootCA 2011, O=Hellenic Academic and Research Institutions Cert. Authority, C=GR Issuer: CN=Hellenic Academic and Research Institutions RootCA 2011, O=Hellenic Academic and Research Institutions Cert. Authority, C=GR Algorithm: RSA; Serial number: 0x0 Valid from Tue Dec 06 08:49:52 EST 2011 until Mon Dec 01 08:49:52 EST 2031 adding as trusted cert: Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a Valid from Thu Sep 30 20:00:00 EDT 1999 until Wed Jul 16 19:59:59 EDT 2036 adding as trusted cert: Subject: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US Issuer: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US Algorithm: RSA; Serial number: 0x0 Valid from Mon Aug 31 20:00:00 EDT 2009 until Thu Dec 31 18:59:59 EST 2037 adding as trusted cert: Subject: CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US Issuer: CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US Algorithm: RSA; Serial number: 0xa0142800000014523cf467c00000002 Valid from Thu Jan 16 12:53:32 EST 2014 until Mon Jan 16 12:53:32 EST 2034 adding as trusted cert: Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net Algorithm: RSA; Serial number: 0x3863def8 Valid from Fri Dec 24 12:50:51 EST 1999 until Tue Jul 24 10:15:12 EDT 2029 adding as trusted cert: Subject: CN=Staat der Nederlanden Root CA - G3, O=Staat der Nederlanden, C=NL Issuer: CN=Staat der Nederlanden Root CA - G3, O=Staat der Nederlanden, C=NL Algorithm: RSA; Serial number: 0x98a239 Valid from Thu Nov 14 06:28:42 EST 2013 until Mon Nov 13 18:00:00 EST 2028 adding as trusted cert: Subject: CN=TeliaSonera Root CA v1, O=TeliaSonera Issuer: CN=TeliaSonera Root CA v1, O=TeliaSonera Algorithm: RSA; Serial number: 0x95be16a0f72e46f17b398272fa8bcd96 Valid from Thu Oct 18 08:00:50 EDT 2007 until Mon Oct 18 08:00:50 EDT 2032 adding as trusted cert: Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Algorithm: RSA; Serial number: 0x344ed55720d5edec49f42fce37db2b6d Valid from Thu Nov 16 19:00:00 EST 2006 until Wed Jul 16 19:59:59 EDT 2036 adding as trusted cert: Subject: CN=sso.lobosstudios.com, OU=PositiveSSL, OU=Domain Control Validated Issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: RSA; Serial number: 0x619e7f18c2c665d07f0a7ca2cd0f3e02 Valid from Fri Jun 10 20:00:00 EDT 2016 until Tue Jun 11 19:59:59 EDT 2019 adding as trusted cert: Subject: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US Issuer: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US Algorithm: RSA; Serial number: 0x0 Valid from Mon Aug 31 20:00:00 EDT 2009 until Thu Dec 31 18:59:59 EST 2037 adding as trusted cert: Subject: CN=Visa eCommerce Root, OU=Visa International Service Association, O=VISA, C=US Issuer: CN=Visa eCommerce Root, OU=Visa International Service Association, O=VISA, C=US Algorithm: RSA; Serial number: 0x1386354d1d3f06f2c1f96505d5901c62 Valid from Tue Jun 25 22:18:36 EDT 2002 until Thu Jun 23 20:16:12 EDT 2022 adding as trusted cert: Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4 Valid from Thu Sep 30 20:00:00 EDT 1999 until Wed Jul 16 19:59:59 EDT 2036 adding as trusted cert: Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: EC; Serial number: 0x2f80fe238c0e220f486712289187acb3 Valid from Sun Nov 04 19:00:00 EST 2007 until Mon Jan 18 18:59:59 EST 2038 adding as trusted cert: Subject: CN=Staat der Nederlanden EV Root CA, O=Staat der Nederlanden, C=NL Issuer: CN=Staat der Nederlanden EV Root CA, O=Staat der Nederlanden, C=NL Algorithm: RSA; Serial number: 0x98968d Valid from Wed Dec 08 06:19:29 EST 2010 until Thu Dec 08 06:10:28 EST 2022 adding as trusted cert: Subject: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US Issuer: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US Algorithm: RSA; Serial number: 0x456b5054 Valid from Mon Nov 27 15:23:42 EST 2006 until Fri Nov 27 15:53:42 EST 2026 adding as trusted cert: Subject: CN=Root CA Generalitat Valenciana, OU=PKIGVA, O=Generalitat Valenciana, C=ES Issuer: CN=Root CA Generalitat Valenciana, OU=PKIGVA, O=Generalitat Valenciana, C=ES Algorithm: RSA; Serial number: 0x3b45e568 Valid from Fri Jul 06 12:22:47 EDT 2001 until Thu Jul 01 11:22:47 EDT 2021 adding as trusted cert: Subject: CN=Certification Authority of WoSign G2, O=WoSign CA Limited, C=CN Issuer: CN=Certification Authority of WoSign G2, O=WoSign CA Limited, C=CN Algorithm: RSA; Serial number: 0x6b25da8a889d7cbc0f05b3b17a614544 Valid from Fri Nov 07 19:58:58 EST 2014 until Mon Nov 07 19:58:58 EST 2044 adding as trusted cert: Subject: CN=S-TRUST Universal Root CA, OU=S-TRUST Certification Services, O=Deutscher Sparkassen Verlag GmbH, C=DE Issuer: CN=S-TRUST Universal Root CA, OU=S-TRUST Certification Services, O=Deutscher Sparkassen Verlag GmbH, C=DE Algorithm: RSA; Serial number: 0x6056c54b23405b64d4ed25dad9d61e1e Valid from Mon Oct 21 20:00:00 EDT 2013 until Thu Oct 21 19:59:59 EDT 2038 adding as trusted cert: Subject: CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0xb931c3ad63967ea6723bfc3af9af44b Valid from Thu Aug 01 08:00:00 EDT 2013 until Fri Jan 15 07:00:00 EST 2038 adding as trusted cert: Subject: CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL Issuer: CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL Algorithm: RSA; Serial number: 0x2d Valid from Sun Sep 17 15:46:37 EDT 2006 until Wed Sep 17 15:46:36 EDT 2036 adding as trusted cert: Subject: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL Issuer: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL Algorithm: RSA; Serial number: 0x10020 Valid from Tue Jun 11 06:46:39 EDT 2002 until Fri Jun 11 06:46:39 EDT 2027 adding as trusted cert: Subject: CN=CA Disig Root R2, O=Disig a.s., L=Bratislava, C=SK Issuer: CN=CA Disig Root R2, O=Disig a.s., L=Bratislava, C=SK Algorithm: RSA; Serial number: 0x92b888dbb08ac163 Valid from Thu Jul 19 05:15:30 EDT 2012 until Sat Jul 19 05:15:30 EDT 2042 adding as trusted cert: Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Issuer: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Algorithm: RSA; Serial number: 0x1 Valid from Tue May 30 06:44:50 EDT 2000 until Sat May 30 06:44:50 EDT 2020 adding as trusted cert: Subject: CN=DST Root CA X3, O=Digital Signature Trust Co. Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co. Algorithm: RSA; Serial number: 0x44afb080d6a327ba893039862ef8406b Valid from Sat Sep 30 17:12:19 EDT 2000 until Thu Sep 30 10:01:15 EDT 2021 adding as trusted cert: Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x70bae41d10d92934b638ca7b03ccbabf Valid from Sun Jan 28 19:00:00 EST 1996 until Tue Aug 01 19:59:59 EDT 2028 adding as trusted cert: Subject: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO Issuer: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO Algorithm: RSA; Serial number: 0x2 Valid from Tue Oct 26 04:38:03 EDT 2010 until Fri Oct 26 04:38:03 EDT 2040 adding as trusted cert: Subject: CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE Issuer: CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE Algorithm: RSA; Serial number: 0x983f4 Valid from Thu Nov 05 03:50:46 EST 2009 until Mon Nov 05 03:50:46 EST 2029 adding as trusted cert: Subject: CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: EC; Serial number: 0xba15afa1ddfa0b54944afcd24a06cec Valid from Thu Aug 01 08:00:00 EDT 2013 until Fri Jan 15 07:00:00 EST 2038 adding as trusted cert: Subject: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH Issuer: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH Algorithm: RSA; Serial number: 0xbb401c43f55e4fb0 Valid from Wed Oct 25 04:30:35 EDT 2006 until Sat Oct 25 04:30:35 EDT 2036 adding as trusted cert: Subject: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Issuer: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Algorithm: EC; Serial number: 0x5c8b99c55a94c5d27156decd8980cc26 Valid from Sun Jan 31 19:00:00 EST 2010 until Mon Jan 18 18:59:59 EST 2038 adding as trusted cert: Subject: OU=certSIGN ROOT CA, O=certSIGN, C=RO Issuer: OU=certSIGN ROOT CA, O=certSIGN, C=RO Algorithm: RSA; Serial number: 0x200605167002 Valid from Tue Jul 04 13:20:04 EDT 2006 until Fri Jul 04 13:20:04 EDT 2031 adding as trusted cert: Subject: CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US Issuer: CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US Algorithm: RSA; Serial number: 0xa0142800000014523c844b500000002 Valid from Thu Jan 16 13:12:23 EST 2014 until Mon Jan 16 13:12:23 EST 2034 adding as trusted cert: Subject: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x509 Valid from Fri Nov 24 13:27:00 EST 2006 until Mon Nov 24 13:23:33 EST 2031 adding as trusted cert: Subject: CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE Issuer: CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE Algorithm: RSA; Serial number: 0x983f3 Valid from Thu Nov 05 03:35:58 EST 2009 until Mon Nov 05 03:35:58 EST 2029 adding as trusted cert: Subject: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE Issuer: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE Algorithm: RSA; Serial number: 0x26 Valid from Fri Jul 09 08:11:00 EDT 1999 until Tue Jul 09 19:59:00 EDT 2019 adding as trusted cert: Subject: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x78585f2ead2c194be3370735341328b596d46593 Valid from Thu Jan 12 12:27:44 EST 2012 until Sun Jan 12 12:27:44 EST 2042 adding as trusted cert: Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x3f691e819cf09a4af373ffb948a2e4dd Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028 adding as trusted cert: Subject: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Algorithm: RSA; Serial number: 0x1fd6d30fca3ca51a81bbc640e35032d Valid from Sun Jan 31 19:00:00 EST 2010 until Mon Jan 18 18:59:59 EST 2038 adding as trusted cert: Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf Valid from Sun May 17 20:00:00 EDT 1998 until Tue Aug 01 19:59:59 EDT 2028 adding as trusted cert: Subject: CN=Izenpe.com, O=IZENPE S.A., C=ES Issuer: CN=Izenpe.com, O=IZENPE S.A., C=ES Algorithm: RSA; Serial number: 0xb0b75a16485fbfe1cbf58bd719e67d Valid from Thu Dec 13 08:08:28 EST 2007 until Sun Dec 13 03:27:25 EST 2037 adding as trusted cert: Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 Algorithm: RSA; Serial number: 0x400000000010f8626e60d Valid from Fri Dec 15 03:00:00 EST 2006 until Wed Dec 15 03:00:00 EST 2021 adding as trusted cert: Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x18dad19e267de8bb4a2158cdcc6b3b4a Valid from Tue Nov 07 19:00:00 EST 2006 until Wed Jul 16 19:59:59 EDT 2036 adding as trusted cert: Subject: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x5c6 Valid from Fri Nov 24 14:11:23 EST 2006 until Mon Nov 24 14:06:44 EST 2031 adding as trusted cert: Subject: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US Issuer: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US Algorithm: RSA; Serial number: 0x0 Valid from Mon Aug 31 20:00:00 EDT 2009 until Thu Dec 31 18:59:59 EST 2037 adding as trusted cert: Subject: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş., L=Ankara, C=TR Issuer: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş., L=Ankara, C=TR Algorithm: RSA; Serial number: 0x7da1f265ec8a Valid from Wed Dec 18 04:04:10 EST 2013 until Sat Dec 16 04:04:10 EST 2023 adding as trusted cert: Subject: CN=OISTE WISeKey Global Root GB CA, OU=OISTE Foundation Endorsed, O=WISeKey, C=CH Issuer: CN=OISTE WISeKey Global Root GB CA, OU=OISTE Foundation Endorsed, O=WISeKey, C=CH Algorithm: RSA; Serial number: 0x76b1205274f0858746b3f8231af6c2c0 Valid from Mon Dec 01 10:00:32 EST 2014 until Thu Dec 01 10:10:31 EST 2039 adding as trusted cert: Subject: CN=WellsSecure Public Root Certificate Authority, OU=Wells Fargo Bank NA, O=Wells Fargo WellsSecure, C=US Issuer: CN=WellsSecure Public Root Certificate Authority, OU=Wells Fargo Bank NA, O=Wells Fargo WellsSecure, C=US Algorithm: RSA; Serial number: 0x1 Valid from Thu Dec 13 12:07:54 EST 2007 until Tue Dec 13 19:07:54 EST 2022 adding as trusted cert: Subject: CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch Issuer: CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch Algorithm: RSA; Serial number: 0x1e9e28e848f2e5efc37c4a1e5a1867b6 Valid from Fri Jun 24 04:38:14 EDT 2011 until Wed Jun 25 03:38:14 EDT 2031 adding as trusted cert: Subject: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x2ef59b0228a7db7affd5a3a9eebd03a0cf126a1d Valid from Thu Jan 12 15:26:32 EST 2012 until Sun Jan 12 15:26:32 EST 2042 adding as trusted cert: Subject: EMAILADDRESS=info@e-szigno.hu, CN=Microsec e-Szigno Root CA 2009, O=Microsec Ltd., L=Budapest, C=HU Issuer: EMAILADDRESS=info@e-szigno.hu, CN=Microsec e-Szigno Root CA 2009, O=Microsec Ltd., L=Budapest, C=HU Algorithm: RSA; Serial number: 0xc27e43044e473f19 Valid from Tue Jun 16 07:30:18 EDT 2009 until Sun Dec 30 06:30:18 EST 2029 adding as trusted cert: Subject: CN=StartCom Certification Authority G2, O=StartCom Ltd., C=IL Issuer: CN=StartCom Certification Authority G2, O=StartCom Ltd., C=IL Algorithm: RSA; Serial number: 0x3b Valid from Thu Dec 31 20:00:01 EST 2009 until Sat Dec 31 18:59:01 EST 2039 adding as trusted cert: Subject: CN=NetLock Arany (Class Gold) Főtanúsítvány, OU=Tanúsítványkiadók (Certification Services), O=NetLock Kft., L=Budapest, C=HU Issuer: CN=NetLock Arany (Class Gold) Főtanúsítvány, OU=Tanúsítványkiadók (Certification Services), O=NetLock Kft., L=Budapest, C=HU Algorithm: RSA; Serial number: 0x49412ce40010 Valid from Thu Dec 11 10:08:21 EST 2008 until Wed Dec 06 10:08:21 EST 2028 adding as trusted cert: Subject: CN=TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3, OU=Kamu Sertifikasyon Merkezi, OU=Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü - UEKAE, O=Türkiye Bilimsel ve Teknolojik Araştırma Kurumu - TÜBİTAK, L=Gebze - Kocaeli, C=TR Issuer: CN=TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3, OU=Kamu Sertifikasyon Merkezi, OU=Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü - UEKAE, O=Türkiye Bilimsel ve Teknolojik Araştırma Kurumu - TÜBİTAK, L=Gebze - Kocaeli, C=TR Algorithm: RSA; Serial number: 0x11 Valid from Fri Aug 24 07:37:07 EDT 2007 until Mon Aug 21 07:37:07 EDT 2017 adding as trusted cert: Subject: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT Issuer: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT Algorithm: RSA; Serial number: 0x570a119742c4e3cc Valid from Thu Sep 22 07:22:02 EDT 2011 until Sun Sep 22 07:22:02 EDT 2030 adding as trusted cert: Subject: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068, C=ES Issuer: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068, C=ES Algorithm: RSA; Serial number: 0x53ec3beefbb2485f Valid from Wed May 20 04:38:15 EDT 2009 until Tue Dec 31 03:38:15 EST 2030 adding as trusted cert: Subject: CN=Certigna, O=Dhimyotis, C=FR Issuer: CN=Certigna, O=Dhimyotis, C=FR Algorithm: RSA; Serial number: 0xfedce3010fc948ff Valid from Fri Jun 29 11:13:05 EDT 2007 until Tue Jun 29 11:13:05 EDT 2027 adding as trusted cert: Subject: CN=AddTrust Public CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Issuer: CN=AddTrust Public CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Algorithm: RSA; Serial number: 0x1 Valid from Tue May 30 06:41:50 EDT 2000 until Sat May 30 06:41:50 EDT 2020 adding as trusted cert: Subject: CN=E-Tugra Certification Authority, OU=E-Tugra Sertifikasyon Merkezi, O=E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., L=Ankara, C=TR Issuer: CN=E-Tugra Certification Authority, OU=E-Tugra Sertifikasyon Merkezi, O=E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., L=Ankara, C=TR Algorithm: RSA; Serial number: 0x6a683e9c519bcb53 Valid from Tue Mar 05 07:09:48 EST 2013 until Fri Mar 03 07:09:48 EST 2023 adding as trusted cert: Subject: C=ES, O=ACCV, OU=PKIACCV, CN=ACCVRAIZ1 Issuer: C=ES, O=ACCV, OU=PKIACCV, CN=ACCVRAIZ1 Algorithm: RSA; Serial number: 0x5ec3b7a6437fa4e0 Valid from Thu May 05 05:37:37 EDT 2011 until Tue Dec 31 04:37:37 EST 2030 adding as trusted cert: Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028 adding as trusted cert: Subject: CN=TC TrustCenter Class 3 CA II, OU=TC TrustCenter Class 3 CA, O=TC TrustCenter GmbH, C=DE Issuer: CN=TC TrustCenter Class 3 CA II, OU=TC TrustCenter Class 3 CA, O=TC TrustCenter GmbH, C=DE Algorithm: RSA; Serial number: 0x4a4700010002e5a05dd63f0051bf Valid from Thu Jan 12 09:41:57 EST 2006 until Wed Dec 31 17:59:59 EST 2025 adding as trusted cert: Subject: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x3ab6508b Valid from Mon Mar 19 13:33:33 EST 2001 until Wed Mar 17 14:33:33 EDT 2021 adding as trusted cert: Subject: CN=Buypass Class 2 CA 1, O=Buypass AS-983163327, C=NO Issuer: CN=Buypass Class 2 CA 1, O=Buypass AS-983163327, C=NO Algorithm: RSA; Serial number: 0x1 Valid from Fri Oct 13 06:25:09 EDT 2006 until Thu Oct 13 06:25:09 EDT 2016 adding as trusted cert: Subject: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO Issuer: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO Algorithm: RSA; Serial number: 0x2 Valid from Tue Oct 26 04:28:58 EDT 2010 until Fri Oct 26 04:28:58 EDT 2040 adding as trusted cert: Subject: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP Issuer: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP Algorithm: RSA; Serial number: 0x0 Valid from Tue Jun 05 22:12:32 EDT 2007 until Fri Jun 05 22:12:32 EDT 2037 adding as trusted cert: Subject: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US Issuer: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US Algorithm: EC; Serial number: 0x35fc265cd9844fc93d263d579baed756 Valid from Sun Nov 04 19:00:00 EST 2007 until Mon Jan 18 18:59:59 EST 2038 adding as trusted cert: Subject: CN=Swisscom Root EV CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch Issuer: CN=Swisscom Root EV CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch Algorithm: RSA; Serial number: 0xf2fa64e27463d38dfd101d041f76ca58 Valid from Fri Jun 24 05:45:08 EDT 2011 until Wed Jun 25 04:45:08 EDT 2031 adding as trusted cert: Subject: CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, ST=Hungary, C=HU Issuer: CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, ST=Hungary, C=HU Algorithm: RSA; Serial number: 0x103 Valid from Wed Feb 24 18:14:47 EST 1999 until Tue Feb 19 18:14:47 EST 2019 adding as trusted cert: Subject: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x401ac46421b31321030ebbe4121ac51d Valid from Tue Apr 01 20:00:00 EDT 2008 until Tue Dec 01 18:59:59 EST 2037 adding as trusted cert: Subject: CN=China Internet Network Information Center EV Certificates Root, O=China Internet Network Information Center, C=CN Issuer: CN=China Internet Network Information Center EV Certificates Root, O=China Internet Network Information Center, C=CN Algorithm: RSA; Serial number: 0x489f0001 Valid from Tue Aug 31 03:11:25 EDT 2010 until Sat Aug 31 03:11:25 EDT 2030 adding as trusted cert: Subject: CN=Cybertrust Global Root, O="Cybertrust, Inc" Issuer: CN=Cybertrust Global Root, O="Cybertrust, Inc" Algorithm: RSA; Serial number: 0x400000000010f85aa2d48 Valid from Fri Dec 15 03:00:00 EST 2006 until Wed Dec 15 03:00:00 EST 2021 adding as trusted cert: Subject: OU=ApplicationCA, O=Japanese Government, C=JP Issuer: OU=ApplicationCA, O=Japanese Government, C=JP Algorithm: RSA; Serial number: 0x31 Valid from Wed Dec 12 10:00:00 EST 2007 until Tue Dec 12 10:00:00 EST 2017 adding as trusted cert: Subject: CN=Trusted Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=Trusted Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: RSA; Serial number: 0x1 Valid from Wed Dec 31 19:00:00 EST 2003 until Sun Dec 31 18:59:59 EST 2028 adding as trusted cert: Subject: CN=Global Chambersign Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU Issuer: CN=Global Chambersign Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU Algorithm: RSA; Serial number: 0x0 Valid from Tue Sep 30 12:14:18 EDT 2003 until Wed Sep 30 12:14:18 EDT 2037 adding as trusted cert: Subject: OU=Trustis FPS Root CA, O=Trustis Limited, C=GB Issuer: OU=Trustis FPS Root CA, O=Trustis Limited, C=GB Algorithm: RSA; Serial number: 0x1b1fadb620f924d3366bf7c7f18ca059 Valid from Tue Dec 23 07:14:06 EST 2003 until Sun Jan 21 06:36:54 EST 2024 adding as trusted cert: Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Algorithm: RSA; Serial number: 0x1 Valid from Tue May 30 06:38:31 EDT 2000 until Sat May 30 06:38:31 EDT 2020 adding as trusted cert: Subject: CN=NetLock Uzleti (Class B) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU Issuer: CN=NetLock Uzleti (Class B) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU Algorithm: RSA; Serial number: 0x69 Valid from Thu Feb 25 09:10:22 EST 1999 until Wed Feb 20 09:10:22 EST 2019 adding as trusted cert: Subject: CN=COMODO Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=COMODO Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: RSA; Serial number: 0x4e812d8a8265e00b02ee3e350246e53d Valid from Thu Nov 30 19:00:00 EST 2006 until Mon Dec 31 18:59:59 EST 2029 adding as trusted cert: Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4 Algorithm: EC; Serial number: 0x2a38a41c960a04de42b228a50be8349802 Valid from Mon Nov 12 19:00:00 EST 2012 until Mon Jan 18 22:14:07 EST 2038 adding as trusted cert: Subject: CN=AC Raíz Certicámara S.A., O=Sociedad Cameral de Certificación Digital - Certicámara S.A., C=CO Issuer: CN=AC Raíz Certicámara S.A., O=Sociedad Cameral de Certificación Digital - Certicámara S.A., C=CO Algorithm: RSA; Serial number: 0x77e52937be015e357f0698ccbec0c Valid from Mon Nov 27 15:46:29 EST 2006 until Tue Apr 02 17:42:02 EDT 2030 adding as trusted cert: Subject: EMAILADDRESS=pki@sk.ee, CN=EE Certification Centre Root CA, O=AS Sertifitseerimiskeskus, C=EE Issuer: EMAILADDRESS=pki@sk.ee, CN=EE Certification Centre Root CA, O=AS Sertifitseerimiskeskus, C=EE Algorithm: RSA; Serial number: 0x5480f9a073ed3f004cca89d8e371e64a Valid from Sat Oct 30 06:10:30 EDT 2010 until Tue Dec 17 18:59:59 EST 2030 adding as trusted cert: Subject: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Issuer: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Algorithm: RSA; Serial number: 0xc9cdd3e9d57d23ce Valid from Fri Aug 01 08:31:40 EDT 2008 until Sat Jul 31 08:31:40 EDT 2038 adding as trusted cert: Subject: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: RSA; Serial number: 0x4caaf9cadb636fe01ff74ed85b03869d Valid from Mon Jan 18 19:00:00 EST 2010 until Mon Jan 18 18:59:59 EST 2038 adding as trusted cert: Subject: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Issuer: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Algorithm: RSA; Serial number: 0x600197b746a7eab4b49ad64b2ff790fb Valid from Tue Apr 01 20:00:00 EDT 2008 until Tue Dec 01 18:59:59 EST 2037 adding as trusted cert: Subject: OU=RSA Security 2048 V3, O=RSA Security Inc Issuer: OU=RSA Security 2048 V3, O=RSA Security Inc Algorithm: RSA; Serial number: 0xa0101010000027c0000000a00000002 Valid from Thu Feb 22 15:39:23 EST 2001 until Sun Feb 22 15:39:23 EST 2026 adding as trusted cert: Subject: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US Issuer: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US Algorithm: EC; Serial number: 0x7497258ac73f7a54 Valid from Fri Jan 29 09:20:24 EST 2010 until Mon Dec 31 09:20:24 EST 2040 adding as trusted cert: Subject: CN=Staat der Nederlanden Root CA - G2, O=Staat der Nederlanden, C=NL Issuer: CN=Staat der Nederlanden Root CA - G2, O=Staat der Nederlanden, C=NL Algorithm: RSA; Serial number: 0x98968c Valid from Wed Mar 26 07:18:17 EDT 2008 until Wed Mar 25 07:03:10 EDT 2020 adding as trusted cert: Subject: CN=Sonera Class1 CA, O=Sonera, C=FI Issuer: CN=Sonera Class1 CA, O=Sonera, C=FI Algorithm: RSA; Serial number: 0x24 Valid from Fri Apr 06 06:49:13 EDT 2001 until Tue Apr 06 06:49:13 EDT 2021 adding as trusted cert: Subject: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Issuer: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Algorithm: RSA; Serial number: 0x1 Valid from Wed Oct 01 06:40:14 EDT 2008 until Sat Oct 01 19:59:59 EDT 2033 adding as trusted cert: Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192 Valid from Sun May 17 20:00:00 EDT 1998 until Tue Aug 01 19:59:59 EDT 2028 adding as trusted cert: Subject: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0x33af1e6a711a9a0bb2864b11d09fae5 Valid from Thu Aug 01 08:00:00 EDT 2013 until Fri Jan 15 07:00:00 EST 2038 adding as trusted cert: Subject: C=ES, O=EDICOM, OU=PKI, CN=ACEDICOM Root Issuer: C=ES, O=EDICOM, OU=PKI, CN=ACEDICOM Root Algorithm: RSA; Serial number: 0x618dc7863b018205 Valid from Fri Apr 18 12:24:22 EDT 2008 until Thu Apr 13 12:24:22 EDT 2028 trigger seeding of SecureRandom done seeding SecureRandom Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Thread-1, setSoTimeout(0) called Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false Thread-1, setSoTimeout(0) called Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1 %% No cached client session *** ClientHello, TLSv1.2 RandomCookie: GMT: 1452198195 bytes = { 254, 98, 252, 128, 217, 237, 72, 181, 106, 240, 98, 245, 127, 144, 66, 112, 85, 121, 242, 95, 208, 90, 81, 221, 211, 163, 138, 110 } Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] Compression Methods: { 0 } Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA *** [write] MD5 and SHA1 hashes: len = 193 0000: 01 00 00 BD 03 03 57 8F C9 33 FE 62 FC 80 D9 ED ......W..3.b.... 0010: 48 B5 6A F0 62 F5 7F 90 42 70 55 79 F2 5F D0 5A H.j.b...BpUy._.Z 0020: 51 DD D3 A3 8A 6E 00 00 3A C0 23 C0 27 00 3C C0 Q....n..:.#.'.<. 0030: 25 C0 29 00 67 00 40 C0 09 C0 13 00 2F C0 04 C0 %.).g.@...../... 0040: 0E 00 33 00 32 C0 2B C0 2F 00 9C C0 2D C0 31 00 ..3.2.+./...-.1. 0050: 9E 00 A2 C0 08 C0 12 00 0A C0 03 C0 0D 00 16 00 ................ 0060: 13 00 FF 01 00 00 5A 00 0A 00 34 00 32 00 17 00 ......Z...4.2... 0070: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 ................ 0080: 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00 ................ 0090: 11 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00 ................ 00A0: 0B 00 02 01 00 00 0D 00 18 00 16 06 03 06 01 05 ................ 00B0: 03 05 01 04 03 04 01 03 03 03 01 02 03 02 01 02 ................ 00C0: 02 . Thread-1, WRITE: TLSv1.2 Handshake, length = 193 [Raw write]: length = 198 0000: 16 03 03 00 C1 01 00 00 BD 03 03 57 8F C9 33 FE ...........W..3. 0010: 62 FC 80 D9 ED 48 B5 6A F0 62 F5 7F 90 42 70 55 b....H.j.b...BpU 0020: 79 F2 5F D0 5A 51 DD D3 A3 8A 6E 00 00 3A C0 23 y._.ZQ....n..:.# 0030: C0 27 00 3C C0 25 C0 29 00 67 00 40 C0 09 C0 13 .'.<.%.).g.@.... 0040: 00 2F C0 04 C0 0E 00 33 00 32 C0 2B C0 2F 00 9C ./.....3.2.+./.. 0050: C0 2D C0 31 00 9E 00 A2 C0 08 C0 12 00 0A C0 03 .-.1............ 0060: C0 0D 00 16 00 13 00 FF 01 00 00 5A 00 0A 00 34 ...........Z...4 0070: 00 32 00 17 00 01 00 03 00 13 00 15 00 06 00 07 .2.............. 0080: 00 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E ................ 0090: 00 0F 00 10 00 11 00 02 00 12 00 04 00 05 00 14 ................ 00A0: 00 08 00 16 00 0B 00 02 01 00 00 0D 00 18 00 16 ................ 00B0: 06 03 06 01 05 03 05 01 04 03 04 01 03 03 03 01 ................ 00C0: 02 03 02 01 02 02 ...... [Raw read]: length = 5 0000: 48 54 54 50 2F HTTP/ Thread-1, handling exception: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? Thread-1, SEND TLSv1.2 ALERT: fatal, description = unexpected_message Thread-1, WRITE: TLSv1.2 Alert, length = 2 [Raw write]: length = 7 0000: 15 03 03 00 02 02 0A ....... Thread-1, called closeSocket() Thread-1, called close() Thread-1, called closeInternal(true) Thread-1, called close() Thread-1, called closeInternal(true) Thread-1, called close() Thread-1, called closeInternal(true) 2016-07-20 14:55:47,767 ERROR [org.xdi.oxauth.client.OpenIdConfigurationClient] Unrecognized SSL message, plaintext connection? javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:710) at sun.security.ssl.InputRecord.read(InputRecord.java:527) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747) at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123) at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:159) at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:166) at org.apache.http.impl.AbstractHttpClientConnection.doFlush(AbstractHttpClientConnection.java:272) at org.apache.http.impl.AbstractHttpClientConnection.flush(AbstractHttpClientConnection.java:277) at org.apache.http.impl.conn.ManagedClientConnectionImpl.flush(ManagedClientConnectionImpl.java:175) at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:239) at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:121) at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:717) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:522) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) at org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor.execute(ApacheHttpClient4Executor.java:109) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:39) at org.jboss.resteasy.plugins.interceptors.encoding.AcceptEncodingGZIPInterceptor.execute(AcceptEncodingGZIPInterceptor.java:40) at org.jboss.resteasy.core.interception.ClientExecutionContextImpl.proceed(ClientExecutionContextImpl.java:45) at org.jboss.resteasy.client.ClientRequest.execute(ClientRequest.java:443) at org.jboss.resteasy.client.ClientRequest.httpMethod(ClientRequest.java:677) at org.jboss.resteasy.client.ClientRequest.get(ClientRequest.java:479) at org.jboss.resteasy.client.ClientRequest.get(ClientRequest.java:508) at org.xdi.oxauth.client.OpenIdConfigurationClient._execOpenIdConfiguration(OpenIdConfigurationClient.java:102) at org.xdi.oxauth.client.OpenIdConfigurationClient.execOpenIdConfiguration(OpenIdConfigurationClient.java:78) at org.xdi.oxd.server.service.DiscoveryService.getConnectDiscoveryResponse(DiscoveryService.java:60) at org.xdi.oxd.server.op.ImplicitFlowOperation.execute(ImplicitFlowOperation.java:42) at org.xdi.oxd.server.Processor.process(Processor.java:90) at org.xdi.oxd.server.Processor.process(Processor.java:49) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:61) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) 2016-07-20 14:55:47,768 ERROR [org.xdi.oxd.server.service.DiscoveryService] java.lang.NullPointerException at org.xdi.oxd.server.service.DiscoveryService.getConnectDiscoveryResponse(DiscoveryService.java:61) at org.xdi.oxd.server.op.ImplicitFlowOperation.execute(ImplicitFlowOperation.java:42) at org.xdi.oxd.server.Processor.process(Processor.java:90) at org.xdi.oxd.server.Processor.process(Processor.java:49) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:61) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745) 2016-07-20 14:55:47,769 ERROR [org.xdi.oxd.server.service.DiscoveryService] Unable to fetch discovery information for url: https://sso.lobosstudios.com/.well-known/openid-configuration 2016-07-20 14:55:47,800 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"error","data":{"error":"internal_error","error_description":"Internal server error occurs."}} 2016-07-20 14:55:47,801 ERROR [org.xdi.oxd.server.SocketProcessor] Quit. Enable to process command. ```

By Yuriy Zabrovarnyy staff 20 Jul 2016 at 4:21 p.m. CDT

Copy
Yuriy Zabrovarnyy gravatar
After reading these posts I'm quite sure your SSL is not configured correctly (your 443 returns plain connection). ``` http://stackoverflow.com/questions/6532273/unrecognized-ssl-message-plaintext-connection-exception http://stackoverflow.com/questions/8580479/apache-httpclient-able-to-communicate-over-https-when-direct-but-not-via-proxy-e https://issues.apache.org/jira/browse/HTTPCLIENT-458 ``` Would you please check your connection as described here? `http://hc.apache.org/httpclient-3.x/sslguide.html` You can check it also against our test server here: `https://ce-dev2.gluu.org/` Discovery `https://ce-dev2.gluu.org/.well-known/openid-configuration`

By Steve Sobol user 20 Jul 2016 at 7:26 p.m. CDT

Copy
Steve Sobol gravatar
HttpClient 3.x is way out of date. I tested using 4.5.2. ``` package test; import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.HttpGet; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; import java.io.IOException; public class HCTest { public static void main(String[] args) throws IOException { CloseableHttpClient httpclient = HttpClients.createDefault(); HttpGet httpGet = new HttpGet("https://www.google.com"); CloseableHttpResponse response1 = httpclient.execute(httpGet); //noinspection TryFinallyCanBeTryWithResources try { System.out.println(response1.getStatusLine()); } finally { response1.close(); } } } ``` pared down from ```http://hc.apache.org/httpcomponents-client-4.5.x/quickstart.html``` The first test I tried was connecting to https://www.google.com - the second test I tried was connecting to the URL of my Gluu server, and both times I got this: ``` HTTP/1.1 200 OK ``` The bug you pointed me at is a bug in 3.0RC2 and involves proxy connections. I am making a direct connection. I would hope oxD isn't using an old version of HttpClient.

By Yuriy Zabrovarnyy staff 21 Jul 2016 at 1:47 a.m. CDT

Copy
Yuriy Zabrovarnyy gravatar
With those links I meant that the problem is with port or otherwise 443 port returns plain connection. oxD is using 4.2.3 httpclient. We need to test connection verifier. Would you please run this main method against your Gluu Server ? For our ce-dev2.gluu.org server it works. ``` public class SslTest { public static void main(String[] args) throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException, IOException { HttpClient httpclient = createHttpClientTrustAll(); HttpResponse response = httpclient.execute(new HttpGet("https://ce-dev2.gluu.org/.well-known/openid-configuration")); System.out.println(response.getStatusLine().getStatusCode()); } public static HttpClient createHttpClientTrustAll() throws NoSuchAlgorithmException, KeyManagementException, KeyStoreException, UnrecoverableKeyException { SSLSocketFactory sf = new SSLSocketFactory(new TrustStrategy() { @Override public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException { return true; } }, new X509HostnameVerifier() { @Override public void verify(String host, SSLSocket ssl) throws IOException { } @Override public void verify(String host, X509Certificate cert) throws SSLException { } @Override public void verify(String host, String[] cns, String[] subjectAlts) throws SSLException { } @Override public boolean verify(String s, SSLSession sslSession) { return true; } } ); SchemeRegistry registry = new SchemeRegistry(); registry.register(new Scheme("http", 80, PlainSocketFactory.getSocketFactory())); registry.register(new Scheme("https", 443, sf)); ClientConnectionManager ccm = new PoolingClientConnectionManager(registry); return new DefaultHttpClient(ccm); } } ```

By Yuriy Zabrovarnyy staff 21 Jul 2016 at 2:12 a.m. CDT

Copy
Yuriy Zabrovarnyy gravatar
Ok, I've checked it against your `https://sso.lobosstudios.com/.well-known/openid-configuration` and have to say that it works. So I went further and created ImplicitOpTest that emulates your request and it works on my side. Here is commit: ``` https://github.com/GluuFederation/oxd/commit/a3a8639cebd61909c6b33b1de1134bc4433343d5 ``` Out put log on 2.4.3-SNAPSHOT oxd ``` Connected to the target VM, address: '127.0.0.1:47185', transport: 'socket' 2016-07-21 10:01:24,943 INFO [org.xdi.oxd.server.ServerLauncher] Starting... 2016-07-21 10:01:25,143 TRACE [org.xdi.oxd.server.service.ConfigurationService] Try to load configuration from system property: oxd.server.config, value: U:\own\project\git\oxd\master\oxd-server\src\test\resources\oxd-conf-test.json 2016-07-21 10:01:25,320 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration loaded successfully from system property: oxd.server.config. 2016-07-21 10:01:25,321 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration: Configuration{port=8099, timeOutInSeconds=0, jettyPort=0, startJetty=false, registerClientAppType='web', registerClientResponesType='code', localhostOnly=true, useClientAuthenticationForPat=true, trustAllCerts=true, keyStorePath='', keyStorePassword='', licenseServerEndpoint='http://localhost:8090', licenseId='', publicKey='dc3/INiUZCuZGbE7O8caFO4PZljtTrxYN6DNkCfXYyRUJj2hKX2BuMAX/sXJdh+EgRLbNZeiY83bUSicuuoUo/nFDRR0nPZRy26uEMdhCHVymMfg9Rcz5v51ITbymCGx7m6w97Vqx2OFJ+z+GvukJJWSiOh2WoMZ/H21CgvnUSEqvSatcWIdDq8sZc1EpNOPrNZs7KBXYdAFosU85hrjIGxjkyviom3n4Nws95o3LlwRC2ZJrZOmivqdiNh2nIR9hyPTNawTA2qs7O7SQ/fr1ed3mynDXI4Rh5YubR74u0eg9d27ifc3kI64ldOWLOuHH6k+g89IKT/Jb7l7oynDCh25fx5s/fMog7b4oGGv0zHfpkq9UTh/GsBOiy4qdfHwgJGGjH7lcmWz7erI3mN6cQ==', publicPassword='7JCncAbkTG1zXq77MDM3', licensePassword='NdSMDbPRty1tR7BIARja', licenseCheckPeriodInHours=24, opHost='https://sso.lobosstudios.com'} 2016-07-21 10:01:25,372 INFO [org.xdi.oxd.server.service.ConfigurationService] Configuration directory: U:\own\project\git\oxd\master\oxd-server\src\test\resources 2016-07-21 10:01:25,375 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: 0f0531be-1621-4864-a603-66d4d3b006e4.json 2016-07-21 10:01:25,416 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: 1f7ecca8-4c60-4fd4-a7be-6c3f26657bcd.json 2016-07-21 10:01:25,417 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: 27c4fe71-4532-4c2b-a443-94cab9d4f2c2.json 2016-07-21 10:01:25,418 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: 5940ed2b-abea-4401-9e8c-844c55964eb6.json 2016-07-21 10:01:25,419 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: 5b281569-04f4-48c6-8fce-852b65c8d1bc.json 2016-07-21 10:01:25,419 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: 7897c175-60f2-4e9d-8e5f-d0ed43f8b315.json 2016-07-21 10:01:25,420 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: 7c1443a6-79af-45ce-b896-7ff2431f6d45.json 2016-07-21 10:01:25,421 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: 7df14859-f135-4a0f-a592-05eeee29f702.json 2016-07-21 10:01:25,422 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: 86af598e-5d47-4bd2-9173-c2afecbe70d0.json 2016-07-21 10:01:25,422 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: 9f5ec22f-84e4-4814-b301-1da79d531512.json 2016-07-21 10:01:25,423 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: a9fd7f6f-6df0-42d5-b700-448ae8e16c18.json 2016-07-21 10:01:25,424 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: b33a4e2a-780e-4dde-bed7-366b8c9c8b7a.json 2016-07-21 10:01:25,425 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: b3cd00e6-2345-484c-840d-9fadcfdc5aa4.json 2016-07-21 10:01:25,426 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: d2e3c2df-b036-4cc9-b674-a3a590eb24ec.json 2016-07-21 10:01:25,426 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: d5a384e5-2899-4a12-a3d2-5e8aeb786684.json 2016-07-21 10:01:25,427 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: d773bfbc-c525-42fd-be8c-39fa6c4db178.json 2016-07-21 10:01:25,439 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: dd328bdc-3b42-4890-a63a-743bd9895331.json 2016-07-21 10:01:25,440 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: ea947e80-19b2-49ea-af19-6013c8a14219.json 2016-07-21 10:01:25,440 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: f90e7662-4ce8-4234-85d4-8c8ad53458ac.json 2016-07-21 10:01:25,441 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: fc0c7d5a-a7b8-4ff6-83d4-815c7117ca5b.json 2016-07-21 10:01:25,442 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: fc7b477f-bae0-403d-a542-65c05a1aee05.json 2016-07-21 10:01:25,443 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: oxd-default-site-config.json 2016-07-21 10:01:25,444 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-21 10:01:25,444 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-21 10:01:25,444 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: U:\own\project\git\oxd\master\.oxd-license 2016-07-21 10:01:25,445 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:58) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-21 10:01:25,452 INFO [org.xdi.oxd.server.service.SocketService] Server runs in free license mode which delays commands execution on 0.5 second for each command. In order to remove the transaction limitations placed on the free version of oxD, you need to purchase a commercial license at oxd.gluu.org 2016-07-21 10:01:25,452 INFO [org.xdi.oxd.server.service.SocketService] Server socket is bound to port: 8099, with timeout: 0 seconds. Start listening for notifications. 2016-07-21 10:01:32,180 DEBUG [org.xdi.oxd.server.service.SocketService] Start new SocketProcessor... 2016-07-21 10:01:32,182 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-21 10:01:32,182 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-21 10:01:32,182 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: U:\own\project\git\oxd\master\.oxd-license 2016-07-21 10:01:32,182 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.license.LicenseService$$FastClassByGuice$$bd74ee5e.newInstance(<generated>) at com.google.inject.internal.cglib.reflect.$FastConstructor.newInstance(FastConstructor.java:40) at com.google.inject.internal.DefaultConstructionProxyFactory$1.newInstance(DefaultConstructionProxyFactory.java:60) at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:85) at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254) at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1031) at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) at com.google.inject.Scopes$1$1.get(Scopes.java:65) at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40) at com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:978) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1024) at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:974) at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1013) at org.xdi.oxd.server.SocketProcessor.<init>(SocketProcessor.java:37) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:91) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-21 10:01:32,184 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2016-07-21 10:01:32,184 TRACE [org.xdi.oxd.common.CoreUtils] commandSize: -1, stringStorage: 2016-07-21 10:01:32,440 TRACE [org.xdi.oxd.common.CoreUtils] Parsed sizeString: 0364, commandSize: 364 2016-07-21 10:01:32,441 TRACE [org.xdi.oxd.common.CoreUtils] Read result: ReadResult{m_command='{"command":"implicit_flow","params":{"scope":"openid","nonce":"44693e46-f29a-4148-9f08-9851f87abb37","discovery_url":"https://sso.lobosstudios.com/.well-known/openid-configuration","redirect_url":"https://360.lobosstudios.com/callback","client_id":"@!2920.FAD2.FB38.9BC5!0001!9227.0E3D!0008!9EC6.7B6C","client_secret":"test","user_id":"test","user_secret":"test"}}', m_leftString=''} 2016-07-21 10:01:32,441 TRACE [org.xdi.oxd.server.Processor] Command: {"command":"implicit_flow","params":{"scope":"openid","nonce":"44693e46-f29a-4148-9f08-9851f87abb37","discovery_url":"https://sso.lobosstudios.com/.well-known/openid-configuration","redirect_url":"https://360.lobosstudios.com/callback","client_id":"@!2920.FAD2.FB38.9BC5!0001!9227.0E3D!0008!9EC6.7B6C","client_secret":"test","user_id":"test","user_secret":"test"}} 2016-07-21 10:01:32,987 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client. 2016-07-21 10:01:34,284 WARN [org.apache.http.client.protocol.ResponseProcessCookies] Cookie rejected: "[version: 0][name: JSESSIONID][value: BE271FA59A65DDEE632684A92BD75EDE][domain: sso.lobosstudios.com][path: /oxauth/][expiry: null]". Illegal path attribute "/oxauth/". Path of origin: "/.well-known/openid-configuration" 2016-07-21 10:01:34,301 ERROR [org.xdi.oxauth.client.OpenIdConfigurationClient] JSONObject["scope"] is not a JSONArray. org.codehaus.jettison.json.JSONException: JSONObject["scope"] is not a JSONArray. at org.codehaus.jettison.json.JSONObject.getJSONArray(JSONObject.java:440) at org.xdi.oxauth.client.OpenIdConfigurationResponse.parseScopeToClaimsMapping(OpenIdConfigurationResponse.java:132) at org.xdi.oxauth.client.OpenIdConfigurationClient._execOpenIdConfiguration(OpenIdConfigurationClient.java:156) at org.xdi.oxauth.client.OpenIdConfigurationClient.execOpenIdConfiguration(OpenIdConfigurationClient.java:78) at org.xdi.oxd.server.service.DiscoveryService.getConnectDiscoveryResponse(DiscoveryService.java:60) at org.xdi.oxd.server.op.ImplicitFlowOperation.execute(ImplicitFlowOperation.java:42) at org.xdi.oxd.server.Processor.process(Processor.java:90) at org.xdi.oxd.server.Processor.process(Processor.java:49) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:61) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) at java.lang.Thread.run(Thread.java:722) 2016-07-21 10:01:34,302 TRACE [org.xdi.oxd.server.service.DiscoveryService] Discovery response: { "issuer": "https://sso.lobosstudios.com", "authorization_endpoint": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/oxauth/authorize", "token_endpoint": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/oxauth/token", "userinfo_endpoint": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/oxauth/userinfo", "clientinfo_endpoint": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/oxauth/clientinfo", "check_session_iframe": "https://sso.lobosstudios.com/oxauth/opiframe", "end_session_endpoint": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/oxauth/end_session", "jwks_uri": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/oxauth/jwks", "registration_endpoint": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/oxauth/register", "validate_token_endpoint": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/oxauth/validate", "federation_metadata_endpoint": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/oxauth/federationmetadata", "federation_endpoint": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/oxauth/federation", "id_generation_endpoint": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/id", "introspection_endpoint": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/introspection", "scopes_supported": [ "address", "clientinfo", "mobile_phone", "profile", "email", "uma_authorization", "uma_protection", "user_name", "phone", "openid" ], "response_types_supported": [ "code", "code id_token", "token", "token id_token", "code token", "code token id_token", "id_token" ], "grant_types_supported": [ "authorization_code", "implicit", "urn:ietf:params:oauth:grant-type:jwt-bearer" ], "acr_values_supported": ["internal"], "subject_types_supported": [ "public", "pairwise" ], "userinfo_signing_alg_values_supported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "userinfo_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "userinfo_encryption_enc_values_supported": [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_signing_alg_values_supported": [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "id_token_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported": [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "request_object_signing_alg_values_supported": [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "request_object_encryption_enc_values_supported": [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "token_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "token_endpoint_auth_signing_alg_values_supported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "display_values_supported": [ "page", "popup" ], "claim_types_supported": ["normal"], "claims_supported": [ "birthdate", "locality", "country", "name", "email", "email_verified", "given_name", "gender", "formatted", "phone_number", "iname", "inum", "family_name", "updated_at", "locale", "middle_name", "phone_mobile_number", "nickname", "o", "phone_number_verified", "picture", "postal_code", "preferred_username", "profile", "region", "street_address", "zoneinfo", "user_name", "website" ], "service_documentation": "http://gluu.org/docs", "claims_locales_supported": ["en"], "ui_locales_supported": [ "en", "es" ], "scope_to_claims_mapping": [ { "scope": "address", "claims": [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "scope": "clientinfo", "claims": [ "name", "inum" ] }, { "scope": "mobile_phone", "claims": ["phone_mobile_number"] }, { "scope": "profile", "claims": [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "scope": "email", "claims": [ "email_verified", "email" ] }, { "scope": "uma_authorization", "claims": [] }, { "scope": "uma_protection", "claims": [] }, { "scope": "user_name", "claims": ["user_name"] }, { "scope": "phone", "claims": [ "phone_number_verified", "phone_number" ] }, { "scope": "openid", "claims": ["inum"] } ], "claims_parameter_supported": true, "request_parameter_supported": true, "request_uri_parameter_supported": true, "require_request_uri_registration": false, "op_policy_uri": "http://ox.gluu.org/doku.php?id=oxauth:policy", "op_tos_uri": "http://ox.gluu.org/doku.php?id=oxauth:tos", "http_logout_supported": "true", "logout_session_supported": "true" } 2016-07-21 10:01:34,308 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client. ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/seam/resource/restv1/oxauth/authorize HTTP/1.1 Host: sso.lobosstudios.com Authorization: Basic dGVzdDp0ZXN0 response_type=code+id_token&client_id=%40%212920.FAD2.FB38.9BC5%210001%219227.0E3D%210008%219EC6.7B6C&scope=openid&redirect_uri=https%3A%2F%2F360.lobosstudios.com%2Fcallback&state=af0ifjsldkj&nonce=a96fd4ed-9356-4668-be30-c13355e0791e&prompt=none ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 302 Location: https://360.lobosstudios.com/callback#session_state=75e3c3cd-bbda-45db-851b-982db57f5de8&scope=openid&state=af0ifjsldkj&code=9c0cd582-0ee0-4746-883a-7675b4b61d99&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjZjZDBkNzY5LTMxNWQtNDVmOS04Nzk2LTczODI0M2VjOWQ0ZiJ9.eyJpc3MiOiJodHRwczovL3Nzby5sb2Jvc3N0dWRpb3MuY29tIiwiYXVkIjoiQCEyOTIwLkZBRDIuRkIzOC45QkM1ITAwMDEhOTIyNy4wRTNEITAwMDghOUVDNi43QjZDIiwiZXhwIjoxNDY5MDg4NDYzLCJpYXQiOjE0NjkwODQ4NjMsIm5vbmNlIjoiYTk2ZmQ0ZWQtOTM1Ni00NjY4LWJlMzAtYzEzMzU1ZTA3OTFlIiwiYXV0aF90aW1lIjoxNDY5MDg0ODYzLCJjX2hhc2giOiIzSWhKQkVySEZTcngzdmhXTFRhZUVBIiwib3hWYWxpZGF0aW9uVVJJIjoiaHR0cHM6Ly9zc28ubG9ib3NzdHVkaW9zLmNvbS9veGF1dGgvb3BpZnJhbWUiLCJveE9wZW5JRENvbm5lY3RWZXJzaW9uIjoib3BlbmlkY29ubmVjdC0xLjAiLCJpbnVtIjoiQCEyOTIwLkZBRDIuRkIzOC45QkM1ITAwMDEhOTIyNy4wRTNEITAwMDAhQ0YwNy44RkVFIiwic3ViIjoiYTk2YmQ1NzMtYjc4NS00ZTcwLTkxNWItOTNlNTdjMGJiYTUwIn0.b5pF1dpWiIPVDzXVVnYzBQXFsmjPNBPnCW52nXgSgC0KxWN-wsz40nFQLC3SHXmfO2CVfZQpz-PczJrkyAUkBPBxvr95wvLy3h2hnxqVzAJQrls5z58tWbxwGxcv4bd6ZqMlXCpYgl8kSkeQLAwXNDq5GRW35_gtsmkUuMREin3knz1We5hvmo5JfdDUV0VAXsOug4IhHueP67VlL9bfUeePDrPdI0_4pU5dF_ifOtbXsvqw36nUULigkwN7Rgd8YGP_AcuBYDtEYJQ5ARv3iqja8z18yVoeQTcRbBUTe1tl8qW4Mdl2JKINFaiXm_eX9-oAYy7mVkb3vY1I_baZlQ 2016-07-21 10:01:35,037 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client. ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/seam/resource/restv1/oxauth/token HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: sso.lobosstudios.com Authorization: Basic QCEyOTIwLkZBRDIuRkIzOC45QkM1ITAwMDEhOTIyNy4wRTNEITAwMDghOUVDNi43QjZDOnRlc3Q= grant_type=authorization_code&code=9c0cd582-0ee0-4746-883a-7675b4b61d99&redirect_uri=https%3A%2F%2F360.lobosstudios.com%2Fcallback&scope=openid ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Content-Type: application/json Cache-Control: no-store Pragma: no-cache {"access_token":"ada847d3-fda7-4410-83bc-727db0e0bf98","token_type":"bearer","expires_in":299,"refresh_token":"a6b6d945-6d3d-4f5c-b252-8ebf4a052df2","scope":"openid","id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjZjZDBkNzY5LTMxNWQtNDVmOS04Nzk2LTczODI0M2VjOWQ0ZiJ9.eyJpc3MiOiJodHRwczovL3Nzby5sb2Jvc3N0dWRpb3MuY29tIiwiYXVkIjoiQCEyOTIwLkZBRDIuRkIzOC45QkM1ITAwMDEhOTIyNy4wRTNEITAwMDghOUVDNi43QjZDIiwiZXhwIjoxNDY5MDg4NDYzLCJpYXQiOjE0NjkwODQ4NjMsIm5vbmNlIjoiYTk2ZmQ0ZWQtOTM1Ni00NjY4LWJlMzAtYzEzMzU1ZTA3OTFlIiwiYXV0aF90aW1lIjoxNDY5MDg0ODYzLCJhdF9oYXNoIjoiTWJ1OUpfeHMzcXI2MW1uVWctNjkyQSIsIm94VmFsaWRhdGlvblVSSSI6Imh0dHBzOi8vc3NvLmxvYm9zc3R1ZGlvcy5jb20vb3hhdXRoL29waWZyYW1lIiwib3hPcGVuSURDb25uZWN0VmVyc2lvbiI6Im9wZW5pZGNvbm5lY3QtMS4wIiwiaW51bSI6IkAhMjkyMC5GQUQyLkZCMzguOUJDNSEwMDAxITkyMjcuMEUzRCEwMDAwIUNGMDcuOEZFRSIsInN1YiI6ImE5NmJkNTczLWI3ODUtNGU3MC05MTViLTkzZTU3YzBiYmE1MCJ9.FPnwiffyFPc5KP268i24oAU2Tzwbwfod9oD2VPKgFIQ7ToBke5w1zPa7KC8uFjSTYzUvh0d2_wtR4Nq76qKSlaJj4CUGD_schM-J-RXs8C_OxVRlgPlHvIcqvdD65b2PsHnyGgcdzkmvaHNAOGAd11-nLccFy0u5AnqfDJeKUlLN7S5Tqgtt4auf4Da6j-OvvmDi_Wf8E9FgtpiGcE87A0ZSO218cJcZxXCG0aW2x7kX0rHwwGUQ-5-YUTqfD-2swJdTcscLP3m8Y77CkkfNFx0WVfhtR3vTox4j7rRMXGqodn2pZXEuH7h4GFZp9UQqo1Pk4G6_WIci5J6UVPv0tw"} 2016-07-21 10:01:35,759 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"ok","data":{"scope":"openid","access_token":"ada847d3-fda7-4410-83bc-727db0e0bf98","expires_in_seconds":299,"refresh_token":"a6b6d945-6d3d-4f5c-b252-8ebf4a052df2","authorization_code":"9c0cd582-0ee0-4746-883a-7675b4b61d99","id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjZjZDBkNzY5LTMxNWQtNDVmOS04Nzk2LTczODI0M2VjOWQ0ZiJ9.eyJpc3MiOiJodHRwczovL3Nzby5sb2Jvc3N0dWRpb3MuY29tIiwiYXVkIjoiQCEyOTIwLkZBRDIuRkIzOC45QkM1ITAwMDEhOTIyNy4wRTNEITAwMDghOUVDNi43QjZDIiwiZXhwIjoxNDY5MDg4NDYzLCJpYXQiOjE0NjkwODQ4NjMsIm5vbmNlIjoiYTk2ZmQ0ZWQtOTM1Ni00NjY4LWJlMzAtYzEzMzU1ZTA3OTFlIiwiYXV0aF90aW1lIjoxNDY5MDg0ODYzLCJhdF9oYXNoIjoiTWJ1OUpfeHMzcXI2MW1uVWctNjkyQSIsIm94VmFsaWRhdGlvblVSSSI6Imh0dHBzOi8vc3NvLmxvYm9zc3R1ZGlvcy5jb20vb3hhdXRoL29waWZyYW1lIiwib3hPcGVuSURDb25uZWN0VmVyc2lvbiI6Im9wZW5pZGNvbm5lY3QtMS4wIiwiaW51bSI6IkAhMjkyMC5GQUQyLkZCMzguOUJDNSEwMDAxITkyMjcuMEUzRCEwMDAwIUNGMDcuOEZFRSIsInN1YiI6ImE5NmJkNTczLWI3ODUtNGU3MC05MTViLTkzZTU3YzBiYmE1MCJ9.FPnwiffyFPc5KP268i24oAU2Tzwbwfod9oD2VPKgFIQ7ToBke5w1zPa7KC8uFjSTYzUvh0d2_wtR4Nq76qKSlaJj4CUGD_schM-J-RXs8C_OxVRlgPlHvIcqvdD65b2PsHnyGgcdzkmvaHNAOGAd11-nLccFy0u5AnqfDJeKUlLN7S5Tqgtt4auf4Da6j-OvvmDi_Wf8E9FgtpiGcE87A0ZSO218cJcZxXCG0aW2x7kX0rHwwGUQ-5-YUTqfD-2swJdTcscLP3m8Y77CkkfNFx0WVfhtR3vTox4j7rRMXGqodn2pZXEuH7h4GFZp9UQqo1Pk4G6_WIci5J6UVPv0tw"}} 2016-07-21 10:01:35,759 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2016-07-21 10:01:35,759 TRACE [org.xdi.oxd.common.CoreUtils] commandSize: -1, stringStorage: 2016-07-21 10:01:37,918 TRACE [org.xdi.oxd.common.CoreUtils] End of stream. Quit. 2016-07-21 10:01:37,919 TRACE [org.xdi.oxd.server.SocketProcessor] Quit. Read result is null or command string is blank. ``` Now I wish to understand why it does not work on your side. Very strange.

By Yuriy Zabrovarnyy staff 21 Jul 2016 at 2:22 a.m. CDT

Copy
Yuriy Zabrovarnyy gravatar
To have clear experiment I've downloaded oxD from repo `http://ox.gluu.org/maven/org/xdi/oxd-server/2.4.3-SNAPSHOT/oxd-server-2.4.3-SNAPSHOT-distribution.zip ` Modified cofiguration oxd-server-2.4.3-SNAPSHOT-distribution\conf\oxd-conf.json ``` { "port":8099, "localhost_only":true, "time_out_in_seconds":0, "jetty_port":8098, "start_jetty":false, "use_client_authentication_for_pat":true, "trust_all_certs":true, "trust_store_path":"", "trust_store_password":"", "license_server_endpoint":"", "license_id":"", "license_check_period_in_hours": 24, "public_key":"", "public_password":"", "license_password":"", "op_host":"https://sso.lobosstudios.com" } ``` Run `https://github.com/GluuFederation/oxd/blob/version_2.4.3/oxd-client/src/test/java/org/xdi/oxd/client/manual/ImplicitOpTest.java` Log ``` U:\var\test\oxd-server-2.4.3-SNAPSHOT-distribution\bin>"cd /d U:\var\test\oxd-server-2.4.3-SNAPSHOT-distribution\bin\" '"cd /d U:\var\test\oxd-server-2.4.3-SNAPSHOT-distribution\bin\"' is not recognized as an internal or external command, operable program or batch file. U:\var\test\oxd-server-2.4.3-SNAPSHOT-distribution\bin>set LIB=../lib U:\var\test\oxd-server-2.4.3-SNAPSHOT-distribution\bin>set CONF=../conf/oxd-conf.json U:\var\test\oxd-server-2.4.3-SNAPSHOT-distribution\bin>echo CONF=../conf/oxd-conf.json CONF=../conf/oxd-conf.json U:\var\test\oxd-server-2.4.3-SNAPSHOT-distribution\bin>java -Doxd.server.config=../conf/oxd-conf.json -cp ../lib/bcprov-jdk16-1.46.jar;../lib/resteasy-jaxrs-2.3.4.Final.jar;../lib/oxd-server-jar-with-dependencies.jar org.xdi.oxd.server.ServerLauncher 2016-07-21 10:10:58,653 INFO [org.xdi.oxd.server.ServerLauncher] Starting... 2016-07-21 10:10:58,973 TRACE [org.xdi.oxd.server.service.ConfigurationService] Try to load configuration from system property: oxd.server.config, value: ../conf/oxd-conf.json 2016-07-21 10:10:59,170 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration loaded successfully from system property: oxd.server.config. 2016-07-21 10:10:59,170 TRACE [org.xdi.oxd.server.service.ConfigurationService] Configuration: Configuration{port=8099, timeOutInSeconds=0, jettyPort=8098, startJetty=false, registerClientAppType='web', registerClientResponesType='code', localhostOnly=true, useClientAuthenticationForPat=true, trustAllCerts=true, keyStorePath='', keyStorePassword='', licenseServerEndpoint='', licenseId='', publicKey='', publicPassword='', licensePassword='', licenseCheckPeriodInHours=24, opHost='https://sso.lobosstudios.com'} 2016-07-21 10:10:59,214 ERROR [org.xdi.oxd.server.service.ConfigurationService] String index out of range: -1 java.lang.StringIndexOutOfBoundsException: String index out of range: -1 at java.lang.String.substring(Unknown Source) at org.xdi.oxd.server.service.ConfigurationService.getConfDirectoryPath(ConfigurationService.java:57) at org.xdi.oxd.server.service.ConfigurationService.getConfDirectoryFile(ConfigurationService.java:44) at org.xdi.oxd.server.service.SiteConfigurationService.load(SiteConfigurationService.java:47) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:65) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-21 10:10:59,231 INFO [org.xdi.oxd.server.service.ConfigurationService] Configuration directory: U:\var\test\oxd-server-2.4.3-SNAPSHOT-distribution\bin\..\conf 2016-07-21 10:10:59,234 TRACE [org.xdi.oxd.server.service.SiteConfigurationService] Loading site file name: oxd-default-site-config.json 2016-07-21 10:10:59,267 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-21 10:10:59,267 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-21 10:10:59,282 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: U:\var\test\oxd-server-2.4.3-SNAPSHOT-distribution\bin\.oxd-license 2016-07-21 10:10:59,283 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:58) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-21 10:10:59,332 INFO [org.xdi.oxd.server.service.SocketService] Server runs in free license mode which delays commands execution on 0.5 second for each command. In order to remove the transaction limitations placed on the free version of oxD, you need to purchase a commercial license at oxd.gluu.org 2016-07-21 10:10:59,333 INFO [org.xdi.oxd.server.service.SocketService] Server socket is bound to port: 8099, with timeout: 0 seconds. Start listening for notifications. 2016-07-21 10:11:47,301 DEBUG [org.xdi.oxd.server.service.SocketService] Start new SocketProcessor... 2016-07-21 10:11:47,302 ERROR [org.xdi.oxd.server.license.LicenseUpdateService] Failed to start LicenseUpdateService. Configuration licenseId or licenseServerEndpoint is empty. 2016-07-21 10:11:47,303 DEBUG [org.xdi.oxd.server.license.LicenseService] licenseChanged: false 2016-07-21 10:11:47,303 DEBUG [org.xdi.oxd.server.license.LicenseService] License file location: U:\var\test\oxd-server-2.4.3-SNAPSHOT-distribution\bin\.oxd-license 2016-07-21 10:11:47,303 ERROR [org.xdi.oxd.server.license.LicenseFile] No content to map to Object due to end of input java.io.EOFException: No content to map to Object due to end of input at org.codehaus.jackson.map.ObjectMapper._initForReading(ObjectMapper.java:2775) at org.codehaus.jackson.map.ObjectMapper._readMapAndClose(ObjectMapper.java:2718) at org.codehaus.jackson.map.ObjectMapper.readValue(ObjectMapper.java:1909) at org.xdi.oxd.server.license.LicenseFile.create(LicenseFile.java:46) at org.xdi.oxd.server.license.LicenseService.loadLicenseFile(LicenseService.java:132) at org.xdi.oxd.server.license.LicenseService.validate(LicenseService.java:73) at org.xdi.oxd.server.license.LicenseService.<init>(LicenseService.java:56) at org.xdi.oxd.server.license.LicenseService$$FastClassByGuice$$bd74ee5e.newInstance(<generated>) at com.google.inject.internal.cglib.reflect.$FastConstructor.newInstance(FastConstructor.java:40) at com.google.inject.internal.DefaultConstructionProxyFactory$1.newInstance(DefaultConstructionProxyFactory.java:60) at com.google.inject.internal.ConstructorInjector.construct(ConstructorInjector.java:85) at com.google.inject.internal.ConstructorBindingImpl$Factory.get(ConstructorBindingImpl.java:254) at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.java:46) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1031) at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.java:40) at com.google.inject.Scopes$1$1.get(Scopes.java:65) at com.google.inject.internal.InternalFactoryToProviderAdapter.get(InternalFactoryToProviderAdapter.java:40) at com.google.inject.internal.InjectorImpl$4$1.call(InjectorImpl.java:978) at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.java:1024) at com.google.inject.internal.InjectorImpl$4.get(InjectorImpl.java:974) at com.google.inject.internal.InjectorImpl.getInstance(InjectorImpl.java:1013) at org.xdi.oxd.server.SocketProcessor.<init>(SocketProcessor.java:37) at org.xdi.oxd.server.service.SocketService.listenSocket(SocketService.java:91) at org.xdi.oxd.server.ServerLauncher.startOxd(ServerLauncher.java:66) at org.xdi.oxd.server.ServerLauncher.start(ServerLauncher.java:58) at org.xdi.oxd.server.ServerLauncher.main(ServerLauncher.java:48) 2016-07-21 10:11:47,312 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2016-07-21 10:11:47,314 TRACE [org.xdi.oxd.common.CoreUtils] commandSize: -1, stringStorage: 2016-07-21 10:11:47,561 TRACE [org.xdi.oxd.common.CoreUtils] Parsed sizeString: 0364, commandSize: 364 2016-07-21 10:11:47,563 TRACE [org.xdi.oxd.common.CoreUtils] Read result: ReadResult{m_command='{"command":"implicit_flow","params":{"scope":"openid","nonce":"44693e46-f29a-4148-9f08-9851f87abb37","discovery_url":"https://sso.lobosstudios.com/.well-known/openid-configuration","redirect_url":"https://360.lobosstudios.com/callback","client_id":"@!2920.FAD2.FB38.9BC5!0001!9227.0E3D!0008!9EC6.7B6C","client_secret":"test","user_id":"test","user_secret":"test"}}', m_leftString=''} 2016-07-21 10:11:47,564 TRACE [org.xdi.oxd.server.Processor] Command: {"command":"implicit_flow","params":{"scope":"openid","nonce":"44693e46-f29a-4148-9f08-9851f87abb37","discovery_url":"https://sso.lobosstudios.com/.well-known/openid-configuration","redirect_url":"https://360.lobosstudios.com/callback","client_id":"@!2920.FAD2.FB38.9BC5!0001!9227.0E3D!0008!9EC6.7B6C","client_secret":"test","user_id":"test","user_secret":"test"}} 2016-07-21 10:11:48,118 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client. 2016-07-21 10:11:49,876 WARN [org.apache.http.client.protocol.ResponseProcessCookies] Cookie rejected: "[version: 0][name: JSESSIONID][value: 21120D8C1F6101D7F78AE4F5CC6F4421][domain: sso.lobosstudios.com][path: /oxauth/][expiry: null]". Illegal path attribute "/oxauth/". Path of origin: "/.well-known/openid-configuration" 2016-07-21 10:11:49,901 ERROR [org.xdi.oxauth.client.OpenIdConfigurationClient] JSONObject["scope"] is not a JSONArray. org.codehaus.jettison.json.JSONException: JSONObject["scope"] is not a JSONArray. at org.codehaus.jettison.json.JSONObject.getJSONArray(JSONObject.java:440) at org.xdi.oxauth.client.OpenIdConfigurationResponse.parseScopeToClaimsMapping(OpenIdConfigurationResponse.java:132) at org.xdi.oxauth.client.OpenIdConfigurationClient._execOpenIdConfiguration(OpenIdConfigurationClient.java:156) at org.xdi.oxauth.client.OpenIdConfigurationClient.execOpenIdConfiguration(OpenIdConfigurationClient.java:78) at org.xdi.oxd.server.service.DiscoveryService.getConnectDiscoveryResponse(DiscoveryService.java:60) at org.xdi.oxd.server.op.ImplicitFlowOperation.execute(ImplicitFlowOperation.java:42) at org.xdi.oxd.server.Processor.process(Processor.java:90) at org.xdi.oxd.server.Processor.process(Processor.java:49) at org.xdi.oxd.server.SocketProcessor.run(SocketProcessor.java:61) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) 2016-07-21 10:11:49,923 TRACE [org.xdi.oxd.server.service.DiscoveryService] Discovery response: { "issuer": "https://sso.lobosstudios.com", "authorization_endpoint": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/oxauth/authorize", "token_endpoint": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/oxauth/token", "userinfo_endpoint": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/oxauth/userinfo", "clientinfo_endpoint": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/oxauth/clientinfo", "check_session_iframe": "https://sso.lobosstudios.com/oxauth/opiframe", "end_session_endpoint": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/oxauth/end_session", "jwks_uri": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/oxauth/jwks", "registration_endpoint": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/oxauth/register", "validate_token_endpoint": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/oxauth/validate", "federation_metadata_endpoint": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/oxauth/federationmetadata", "federation_endpoint": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/oxauth/federation", "id_generation_endpoint": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/id", "introspection_endpoint": "https://sso.lobosstudios.com/oxauth/seam/resource/restv1/introspection", "scopes_supported": [ "address", "clientinfo", "mobile_phone", "profile", "email", "uma_authorization", "uma_protection", "user_name", "phone", "openid" ], "response_types_supported": [ "code", "code id_token", "token", "token id_token", "code token", "code token id_token", "id_token" ], "grant_types_supported": [ "authorization_code", "implicit", "urn:ietf:params:oauth:grant-type:jwt-bearer" ], "acr_values_supported": ["internal"], "subject_types_supported": [ "public", "pairwise" ], "userinfo_signing_alg_values_supported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "userinfo_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "userinfo_encryption_enc_values_supported": [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_signing_alg_values_supported": [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "id_token_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "id_token_encryption_enc_values_supported": [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "request_object_signing_alg_values_supported": [ "none", "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "request_object_encryption_alg_values_supported": [ "RSA1_5", "RSA-OAEP", "A128KW", "A256KW" ], "request_object_encryption_enc_values_supported": [ "A128CBC+HS256", "A256CBC+HS512", "A128GCM", "A256GCM" ], "token_endpoint_auth_methods_supported": [ "client_secret_basic", "client_secret_post", "client_secret_jwt", "private_key_jwt" ], "token_endpoint_auth_signing_alg_values_supported": [ "HS256", "HS384", "HS512", "RS256", "RS384", "RS512", "ES256", "ES384", "ES512" ], "display_values_supported": [ "page", "popup" ], "claim_types_supported": ["normal"], "claims_supported": [ "birthdate", "locality", "country", "name", "email", "email_verified", "given_name", "gender", "formatted", "phone_number", "iname", "inum", "family_name", "updated_at", "locale", "middle_name", "phone_mobile_number", "nickname", "o", "phone_number_verified", "picture", "postal_code", "preferred_username", "profile", "region", "street_address", "zoneinfo", "user_name", "website" ], "service_documentation": "http://gluu.org/docs", "claims_locales_supported": ["en"], "ui_locales_supported": [ "en", "es" ], "scope_to_claims_mapping": [ { "scope": "address", "claims": [ "formatted", "postal_code", "street_address", "locality", "country", "region" ] }, { "scope": "clientinfo", "claims": [ "name", "inum" ] }, { "scope": "mobile_phone", "claims": ["phone_mobile_number"] }, { "scope": "profile", "claims": [ "name", "family_name", "given_name", "middle_name", "nickname", "preferred_username", "profile", "picture", "website", "gender", "birthdate", "zoneinfo", "locale", "updated_at" ] }, { "scope": "email", "claims": [ "email_verified", "email" ] }, { "scope": "uma_authorization", "claims": [] }, { "scope": "uma_protection", "claims": [] }, { "scope": "user_name", "claims": ["user_name"] }, { "scope": "phone", "claims": [ "phone_number_verified", "phone_number" ] }, { "scope": "openid", "claims": ["inum"] } ], "claims_parameter_supported": true, "request_parameter_supported": true, "request_uri_parameter_supported": true, "require_request_uri_registration": false, "op_policy_uri": "http://ox.gluu.org/doku.php?id=oxauth:policy", "op_tos_uri": "http://ox.gluu.org/doku.php?id=oxauth:tos", "http_logout_supported": "true", "logout_session_supported": "true" } 2016-07-21 10:11:50,360 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client. ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/seam/resource/restv1/oxauth/authorize HTTP/1.1 Host: sso.lobosstudios.com Authorization: Basic dGVzdDp0ZXN0 response_type=code+id_token&client_id=%40%212920.FAD2.FB38.9BC5%210001%219227.0E3D%210008%219EC6.7B6C&scope=openid&redirect_uri=https%3A%2F%2F360.lobosstudios.com%2Fcallback&state=af0ifjsldkj&nonce=bdbee6b0-05a2-4ab3-95e8-b56dde57b39d&prompt=none ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 302 Location: https://360.lobosstudios.com/callback#session_state=74e5cd94-07f2-4441-98e3-e07635a87c19&scope=openid&state=af0ifjsldkj&code=97db25bc-d77f-4fb0-a744-830f6cc235db&id_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjZjZDBkNzY5LTMxNWQtNDVmOS04Nzk2LTczODI0M2VjOWQ0ZiJ9.eyJpc3MiOiJodHRwczovL3Nzby5sb2Jvc3N0dWRpb3MuY29tIiwiYXVkIjoiQCEyOTIwLkZBRDIuRkIzOC45QkM1ITAwMDEhOTIyNy4wRTNEITAwMDghOUVDNi43QjZDIiwiZXhwIjoxNDY5MDg5MDc5LCJpYXQiOjE0NjkwODU0NzksIm5vbmNlIjoiYmRiZWU2YjAtMDVhMi00YWIzLTk1ZTgtYjU2ZGRlNTdiMzlkIiwiYXV0aF90aW1lIjoxNDY5MDg1NDc5LCJjX2hhc2giOiIySV9WRU9HUGNja0wxRXE5cWU1UUhBIiwib3hWYWxpZGF0aW9uVVJJIjoiaHR0cHM6Ly9zc28ubG9ib3NzdHVkaW9zLmNvbS9veGF1dGgvb3BpZnJhbWUiLCJveE9wZW5JRENvbm5lY3RWZXJzaW9uIjoib3BlbmlkY29ubmVjdC0xLjAiLCJpbnVtIjoiQCEyOTIwLkZBRDIuRkIzOC45QkM1ITAwMDEhOTIyNy4wRTNEITAwMDAhQ0YwNy44RkVFIiwic3ViIjoiYTk2YmQ1NzMtYjc4NS00ZTcwLTkxNWItOTNlNTdjMGJiYTUwIn0.gMcIOxgxiSWtWXsqPiEAz5v5e-osFHV-0BaDPY-uikN4i19tZ8yhRXwFzT1tId-LzILbH-zkbQqkUtgM5LJh5xc7cdkaH9iLXFzUltOBgEEkFdBVFjjknkz1_Bh1_If_LKYgJM0FyRgCl2wAgMaWs2h9E6_M6QLcZaT66reGGR3XrsaCPLzDlFGU6bOCM-WUpdBG93nnD2Cicnz8ocXtA56n81idAQDdxb6vBU-HlHXDM1WhWYyxllbYi0B5-5PKNcO79ocvG0alDxFrCxgG3nhmIf71xtYiw105-Op-rtUgGxAO01p812qEaQaIlMTb5wYRtJFVmD-oQkuuCuNNuQ 2016-07-21 10:11:51,101 TRACE [org.xdi.oxd.server.service.HttpService] Created TRUST_ALL client. ------------------------------------------------------- REQUEST: ------------------------------------------------------- POST /oxauth/seam/resource/restv1/oxauth/token HTTP/1.1 Content-Type: application/x-www-form-urlencoded Host: sso.lobosstudios.com Authorization: Basic QCEyOTIwLkZBRDIuRkIzOC45QkM1ITAwMDEhOTIyNy4wRTNEITAwMDghOUVDNi43QjZDOnRlc3Q= grant_type=authorization_code&code=97db25bc-d77f-4fb0-a744-830f6cc235db&redirect_uri=https%3A%2F%2F360.lobosstudios.com%2Fcallback&scope=openid ------------------------------------------------------- RESPONSE: ------------------------------------------------------- HTTP/1.1 200 Content-Type: application/json Cache-Control: no-store Pragma: no-cache {"access_token":"432af971-4ba5-47b3-8cb5-1028a808f7cf","token_type":"bearer","expires_in":299,"refresh_token":"16d4e7e2-1e11-4360-a32e-a4ec83fbb0f9","scope":"openid","id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjZjZDBkNzY5LTMxNWQtNDVmOS04Nzk2LTczODI0M2VjOWQ0ZiJ9.eyJpc3MiOiJodHRwczovL3Nzby5sb2Jvc3N0dWRpb3MuY29tIiwiYXVkIjoiQCEyOTIwLkZBRDIuRkIzOC45QkM1ITAwMDEhOTIyNy4wRTNEITAwMDghOUVDNi43QjZDIiwiZXhwIjoxNDY5MDg5MDgwLCJpYXQiOjE0NjkwODU0ODAsIm5vbmNlIjoiYmRiZWU2YjAtMDVhMi00YWIzLTk1ZTgtYjU2ZGRlNTdiMzlkIiwiYXV0aF90aW1lIjoxNDY5MDg1NDc5LCJhdF9oYXNoIjoibmRqX2p6LTNBVU9nMFJBcG42Vi1OUSIsIm94VmFsaWRhdGlvblVSSSI6Imh0dHBzOi8vc3NvLmxvYm9zc3R1ZGlvcy5jb20vb3hhdXRoL29waWZyYW1lIiwib3hPcGVuSURDb25uZWN0VmVyc2lvbiI6Im9wZW5pZGNvbm5lY3QtMS4wIiwiaW51bSI6IkAhMjkyMC5GQUQyLkZCMzguOUJDNSEwMDAxITkyMjcuMEUzRCEwMDAwIUNGMDcuOEZFRSIsInN1YiI6ImE5NmJkNTczLWI3ODUtNGU3MC05MTViLTkzZTU3YzBiYmE1MCJ9.NtNjbCHSn6YUsh48A5fULJVTEa8Xd4LWvz0VxvuJqv_2cgytmGbqaSvZ_ENBkf6skSuMuVnIrGNEm3udKQhyegFkPlrwhqVarqPI92wlN-VfY4FeOKuCa697Au-wJ7GLGSj4ZlMkRaa_dS6oDti76Jx16zDSkEpQ8qipA6jho6q12GpLkbAxp1HF9pnSYdN0kPHBiYfKylOj4rQOZ9JDB08I2oD1FkRPRWnLS-D_uWSSV0jCEHflRlIbSd-uGlOOEM0tEW7j8klhhfnpt27uqrKG3fP0h0D0RDwvcAEcqTDpFwR__Z-1EvaJtU_tkhxUAzUxNPAtvbesPhEJ_u90rw"} 2016-07-21 10:11:51,952 TRACE [org.xdi.oxd.server.Processor] Send back response: {"status":"ok","data":{"scope":"openid","access_token":"432af971-4ba5-47b3-8cb5-1028a808f7cf","expires_in_seconds":299,"refresh_token":"16d4e7e2-1e11-4360-a32e-a4ec83fbb0f9","authorization_code":"97db25bc-d77f-4fb0-a744-830f6cc235db","id_token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjZjZDBkNzY5LTMxNWQtNDVmOS04Nzk2LTczODI0M2VjOWQ0ZiJ9.eyJpc3MiOiJodHRwczovL3Nzby5sb2Jvc3N0dWRpb3MuY29tIiwiYXVkIjoiQCEyOTIwLkZBRDIuRkIzOC45QkM1ITAwMDEhOTIyNy4wRTNEITAwMDghOUVDNi43QjZDIiwiZXhwIjoxNDY5MDg5MDgwLCJpYXQiOjE0NjkwODU0ODAsIm5vbmNlIjoiYmRiZWU2YjAtMDVhMi00YWIzLTk1ZTgtYjU2ZGRlNTdiMzlkIiwiYXV0aF90aW1lIjoxNDY5MDg1NDc5LCJhdF9oYXNoIjoibmRqX2p6LTNBVU9nMFJBcG42Vi1OUSIsIm94VmFsaWRhdGlvblVSSSI6Imh0dHBzOi8vc3NvLmxvYm9zc3R1ZGlvcy5jb20vb3hhdXRoL29waWZyYW1lIiwib3hPcGVuSURDb25uZWN0VmVyc2lvbiI6Im9wZW5pZGNvbm5lY3QtMS4wIiwiaW51bSI6IkAhMjkyMC5GQUQyLkZCMzguOUJDNSEwMDAxITkyMjcuMEUzRCEwMDAwIUNGMDcuOEZFRSIsInN1YiI6ImE5NmJkNTczLWI3ODUtNGU3MC05MTViLTkzZTU3YzBiYmE1MCJ9.NtNjbCHSn6YUsh48A5fULJVTEa8Xd4LWvz0VxvuJqv_2cgytmGbqaSvZ_ENBkf6skSuMuVnIrGNEm3udKQhyegFkPlrwhqVarqPI92wlN-VfY4FeOKuCa697Au-wJ7GLGSj4ZlMkRaa_dS6oDti76Jx16zDSkEpQ8qipA6jho6q12GpLkbAxp1HF9pnSYdN0kPHBiYfKylOj4rQOZ9JDB08I2oD1FkRPRWnLS-D_uWSSV0jCEHflRlIbSd-uGlOOEM0tEW7j8klhhfnpt27uqrKG3fP0h0D0RDwvcAEcqTDpFwR__Z-1EvaJtU_tkhxUAzUxNPAtvbesPhEJ_u90rw"}} 2016-07-21 10:11:51,954 TRACE [org.xdi.oxd.server.SocketProcessor] Socket processor handling... 2016-07-21 10:11:51,955 TRACE [org.xdi.oxd.common.CoreUtils] commandSize: -1, stringStorage: 2016-07-21 10:11:52,011 TRACE [org.xdi.oxd.common.CoreUtils] End of stream. Quit. 2016-07-21 10:11:52,011 TRACE [org.xdi.oxd.server.SocketProcessor] Quit. Read result is null or command string is blank. ```

By Steve Sobol user 21 Jul 2016 at 9:27 p.m. CDT

Copy
Steve Sobol gravatar
Got the "plaintext connection?" message trying to connect to my server. Was ok connecting to the Gluu server. Stand by for logs.

By Steve Sobol user 21 Jul 2016 at 9:32 p.m. CDT

Copy
Steve Sobol gravatar
Looking into an issue I found. Please stand by ``` Exception in thread "main" javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:710) at sun.security.ssl.InputRecord.read(InputRecord.java:527) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:747) at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123) at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:147) at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:154) at org.apache.http.impl.AbstractHttpClientConnection.doFlush(AbstractHttpClientConnection.java:278) at org.apache.http.impl.AbstractHttpClientConnection.flush(AbstractHttpClientConnection.java:283) at org.apache.http.impl.conn.ManagedClientConnectionImpl.flush(ManagedClientConnectionImpl.java:175) at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:260) at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:125) at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:717) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:522) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805) at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784) at test.SslTest.main(SslTest.java:33) c95991c74a Valid from Thu Nov 09 19:00:00 EST 2006 until Sun Nov 09 19:00:00 EST 2031 adding as trusted cert: Subject: CN=Microsec e-Szigno Root CA, OU=e-Szigno CA, O=Microsec Ltd., L=Budapest, C=HU Issuer: CN=Microsec e-Szigno Root CA, OU=e-Szigno CA, O=Microsec Ltd., L=Budapest, C=HU Algorithm: RSA; Serial number: 0xccb8e7bf4e291afda2dc66a51c2c0f11 Valid from Wed Apr 06 08:28:44 EDT 2005 until Thu Apr 06 08:28:44 EDT 2017 adding as trusted cert: Subject: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x445734245b81899b35f2ceb82b3b5ba726f07528 Valid from Thu Jan 12 13:59:32 EST 2012 until Sun Jan 12 13:59:32 EST 2042 adding as trusted cert: Subject: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0x59b1b579e8e2132e23907bda777755c Valid from Thu Aug 01 08:00:00 EDT 2013 until Fri Jan 15 07:00:00 EST 2038 adding as trusted cert: Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US Algorithm: RSA; Serial number: 0x4 Valid from Mon Jun 21 00:00:00 EDT 1999 until Sun Jun 21 00:00:00 EDT 2020 adding as trusted cert: Subject: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x18acb56afd69b6153a636cafdafac4a1 Valid from Sun Nov 26 19:00:00 EST 2006 until Wed Jul 16 19:59:59 EDT 2036 adding as trusted cert: Subject: C=IL, O=ComSign, CN=ComSign CA Issuer: C=IL, O=ComSign, CN=ComSign CA Algorithm: RSA; Serial number: 0x1413968314558cea7b63e5fc34877744 Valid from Wed Mar 24 06:32:18 EST 2004 until Mon Mar 19 11:02:18 EDT 2029 adding as trusted cert: Subject: O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007, L=Ankara, C=TR, CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı Issuer: O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007, L=Ankara, C=TR, CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı Algorithm: RSA; Serial number: 0x1 Valid from Tue Dec 25 13:37:19 EST 2007 until Fri Dec 22 13:37:19 EST 2017 adding as trusted cert: Subject: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP Issuer: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP Algorithm: RSA; Serial number: 0x0 Valid from Fri May 29 01:00:39 EDT 2009 until Tue May 29 01:00:39 EDT 2029 adding as trusted cert: Subject: CN=Staat der Nederlanden Root CA, O=Staat der Nederlanden, C=NL Issuer: CN=Staat der Nederlanden Root CA, O=Staat der Nederlanden, C=NL Algorithm: RSA; Serial number: 0x98968a Valid from Tue Dec 17 04:23:49 EST 2002 until Wed Dec 16 04:15:38 EST 2015 adding as trusted cert: Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6 Valid from Sun May 17 20:00:00 EDT 1998 until Tue Aug 01 19:59:59 EDT 2028 adding as trusted cert: Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US Algorithm: RSA; Serial number: 0x1 Valid from Mon Jun 21 00:00:00 EDT 1999 until Sun Jun 21 00:00:00 EDT 2020 adding as trusted cert: Subject: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW Issuer: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW Algorithm: RSA; Serial number: 0x15c8bd65475cafb897005ee406d2bc9d Valid from Sun Dec 19 21:31:27 EST 2004 until Tue Dec 19 21:31:27 EST 2034 adding as trusted cert: Subject: CN=AffirmTrust Commercial, O=AffirmTrust, C=US Issuer: CN=AffirmTrust Commercial, O=AffirmTrust, C=US Algorithm: RSA; Serial number: 0x7777062726a9b17c Valid from Fri Jan 29 09:06:06 EST 2010 until Tue Dec 31 09:06:06 EST 2030 adding as trusted cert: Subject: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL Issuer: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL Algorithm: RSA; Serial number: 0x444c0 Valid from Wed Oct 22 08:07:37 EDT 2008 until Mon Dec 31 07:07:37 EST 2029 adding as trusted cert: Subject: CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL Issuer: CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL Algorithm: RSA; Serial number: 0x1 Valid from Sun Sep 17 15:46:36 EDT 2006 until Wed Sep 17 15:46:36 EDT 2036 adding as trusted cert: Subject: CN=Certinomis - Autorité Racine, OU=0002 433998903, O=Certinomis, C=FR Issuer: CN=Certinomis - Autorité Racine, OU=0002 433998903, O=Certinomis, C=FR Algorithm: RSA; Serial number: 0x1 Valid from Wed Sep 17 04:28:59 EDT 2008 until Sun Sep 17 04:28:59 EDT 2028 adding as trusted cert: Subject: CN=DST ACES CA X6, OU=DST ACES, O=Digital Signature Trust, C=US Issuer: CN=DST ACES CA X6, OU=DST ACES, O=Digital Signature Trust, C=US Algorithm: RSA; Serial number: 0xd5e990ad69db778ecd807563b8615d9 Valid from Thu Nov 20 16:19:58 EST 2003 until Mon Nov 20 16:19:58 EST 2017 adding as trusted cert: Subject: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US Issuer: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US Algorithm: RSA; Serial number: 0x50946cec18ead59c4dd597ef758fa0ad Valid from Mon Nov 01 12:14:04 EST 2004 until Mon Jan 01 00:37:19 EST 2035 adding as trusted cert: Subject: CN=EC-ACC, OU=Jerarquia Entitats de Certificacio Catalanes, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Serveis Publics de Certificacio, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), C=ES Issuer: CN=EC-ACC, OU=Jerarquia Entitats de Certificacio Catalanes, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Serveis Publics de Certificacio, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), C=ES Algorithm: RSA; Serial number: 0x-11d4c2142bde21eb579d53fb0c223bff Valid from Tue Jan 07 18:00:00 EST 2003 until Tue Jan 07 17:59:59 EST 2031 adding as trusted cert: Subject: CN=CA Disig Root R1, O=Disig a.s., L=Bratislava, C=SK Issuer: CN=CA Disig Root R1, O=Disig a.s., L=Bratislava, C=SK Algorithm: RSA; Serial number: 0xc3039aee50906e28 Valid from Thu Jul 19 05:06:56 EDT 2012 until Sat Jul 19 05:06:56 EDT 2042 adding as trusted cert: Subject: CN=Sonera Class2 CA, O=Sonera, C=FI Issuer: CN=Sonera Class2 CA, O=Sonera, C=FI Algorithm: RSA; Serial number: 0x1d Valid from Fri Apr 06 03:29:40 EDT 2001 until Tue Apr 06 03:29:40 EDT 2021 adding as trusted cert: Subject: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Algorithm: EC; Serial number: 0x3cb2f4480a00e2feeb243b5e603ec36b Valid from Sun Nov 04 19:00:00 EST 2007 until Mon Jan 18 18:59:59 EST 2038 adding as trusted cert: Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US Algorithm: RSA; Serial number: 0x35def4cf Valid from Sat Aug 22 12:41:51 EDT 1998 until Wed Aug 22 12:41:51 EDT 2018 adding as trusted cert: Subject: CN=Certinomis - Root CA, OU=0002 433998903, O=Certinomis, C=FR Issuer: CN=Certinomis - Root CA, OU=0002 433998903, O=Certinomis, C=FR Algorithm: RSA; Serial number: 0x1 Valid from Mon Oct 21 05:17:18 EDT 2013 until Fri Oct 21 05:17:18 EDT 2033 adding as trusted cert: Subject: CN=CA 沃通根证书, O=WoSign CA Limited, C=CN Issuer: CN=CA 沃通根证书, O=WoSign CA Limited, C=CN Algorithm: RSA; Serial number: 0x50706bcdd813fc1b4e3b3372d211488d Valid from Fri Aug 07 21:00:01 EDT 2009 until Sun Aug 07 21:00:01 EDT 2039 adding as trusted cert: Subject: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: EC; Serial number: 0x1f47afaa62007050544c019e9b63992a Valid from Wed Mar 05 19:00:00 EST 2008 until Mon Jan 18 18:59:59 EST 2038 adding as trusted cert: Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0x2ac5c266a0b409b8f0b79f2ae462577 Valid from Thu Nov 09 19:00:00 EST 2006 until Sun Nov 09 19:00:00 EST 2031 adding as trusted cert: Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 Algorithm: RSA; Serial number: 0x4000000000121585308a2 Valid from Wed Mar 18 06:00:00 EDT 2009 until Sun Mar 18 06:00:00 EDT 2029 adding as trusted cert: Subject: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x1 Valid from Thu Mar 04 00:00:00 EST 2004 until Sun Mar 04 00:00:00 EST 2029 adding as trusted cert: Subject: CN=Certification Authority of WoSign, O=WoSign CA Limited, C=CN Issuer: CN=Certification Authority of WoSign, O=WoSign CA Limited, C=CN Algorithm: RSA; Serial number: 0x5e68d61171946350560068f33ec9c591 Valid from Fri Aug 07 21:00:01 EDT 2009 until Sun Aug 07 21:00:01 EDT 2039 adding as trusted cert: Subject: CN=GeoTrust Universal CA 2, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Universal CA 2, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x1 Valid from Thu Mar 04 00:00:00 EST 2004 until Sun Mar 04 00:00:00 EST 2029 adding as trusted cert: Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE Algorithm: RSA; Serial number: 0x20000b9 Valid from Fri May 12 14:46:00 EDT 2000 until Mon May 12 19:59:00 EDT 2025 adding as trusted cert: Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: RSA; Serial number: 0x1 Valid from Wed Dec 31 19:00:00 EST 2003 until Sun Dec 31 18:59:59 EST 2028 adding as trusted cert: Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US Algorithm: RSA; Serial number: 0x0 Valid from Tue Jun 29 13:39:16 EDT 2004 until Thu Jun 29 13:39:16 EDT 2034 adding as trusted cert: Subject: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU Issuer: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU Algorithm: RSA; Serial number: 0x0 Valid from Tue Sep 30 12:13:43 EDT 2003 until Wed Sep 30 12:13:44 EDT 2037 adding as trusted cert: Subject: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US Issuer: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362afe650afd Valid from Fri Jul 09 14:10:42 EDT 1999 until Tue Jul 09 14:19:22 EDT 2019 adding as trusted cert: Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57 Valid from Thu Sep 30 20:00:00 EDT 1999 until Wed Jul 16 19:59:59 EDT 2036 adding as trusted cert: Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE Algorithm: RSA; Serial number: 0x40000000001154b5ac394 Valid from Tue Sep 01 08:00:00 EDT 1998 until Fri Jan 28 07:00:00 EST 2028 adding as trusted cert: Subject: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş., L=Ankara, C=TR Issuer: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş., L=Ankara, C=TR Algorithm: RSA; Serial number: 0x8e17fe242081 Valid from Tue Apr 30 04:07:01 EDT 2013 until Fri Apr 28 04:07:01 EDT 2023 adding as trusted cert: Subject: CN=AffirmTrust Networking, O=AffirmTrust, C=US Issuer: CN=AffirmTrust Networking, O=AffirmTrust, C=US Algorithm: RSA; Serial number: 0x7c4f04391cd4992d Valid from Fri Jan 29 09:08:24 EST 2010 until Tue Dec 31 09:08:24 EST 2030 adding as trusted cert: Subject: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW Issuer: CN=TWCA Global Root CA, OU=Root CA, O=TAIWAN-CA, C=TW Algorithm: RSA; Serial number: 0xcbe Valid from Wed Jun 27 02:28:33 EDT 2012 until Tue Dec 31 10:59:59 EST 2030 adding as trusted cert: Subject: CN=AffirmTrust Premium, O=AffirmTrust, C=US Issuer: CN=AffirmTrust Premium, O=AffirmTrust, C=US Algorithm: RSA; Serial number: 0x6d8c1446b1a60aee Valid from Fri Jan 29 09:10:36 EST 2010 until Mon Dec 31 09:10:36 EST 2040 adding as trusted cert: Subject: CN=NetLock Expressz (Class C) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU Issuer: CN=NetLock Expressz (Class C) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU Algorithm: RSA; Serial number: 0x68 Valid from Thu Feb 25 09:08:11 EST 1999 until Wed Feb 20 09:08:11 EST 2019 adding as trusted cert: Subject: EMAILADDRESS=igca@sgdn.pm.gouv.fr, CN=IGC/A, OU=DCSSI, O=PM/SGDN, L=Paris, ST=France, C=FR Issuer: EMAILADDRESS=igca@sgdn.pm.gouv.fr, CN=IGC/A, OU=DCSSI, O=PM/SGDN, L=Paris, ST=France, C=FR Algorithm: RSA; Serial number: 0x3911451094 Valid from Fri Dec 13 09:29:23 EST 2002 until Sat Oct 17 10:29:22 EDT 2020 adding as trusted cert: Subject: O=Government Root Certification Authority, C=TW Issuer: O=Government Root Certification Authority, C=TW Algorithm: RSA; Serial number: 0x1f9d595ad72fc20644a5800869e35ef6 Valid from Thu Dec 05 08:23:33 EST 2002 until Sun Dec 05 08:23:33 EST 2032 adding as trusted cert: Subject: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x15ac6e9419b2794b41f627a9c3180f1f Valid from Tue Apr 01 20:00:00 EDT 2008 until Tue Dec 01 18:59:59 EST 2037 adding as trusted cert: Subject: CN=TWCA Root Certification Authority, OU=Root CA, O=TAIWAN-CA, C=TW Issuer: CN=TWCA Root Certification Authority, OU=Root CA, O=TAIWAN-CA, C=TW Algorithm: RSA; Serial number: 0x1 Valid from Thu Aug 28 03:24:33 EDT 2008 until Tue Dec 31 10:59:59 EST 2030 adding as trusted cert: Subject: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Issuer: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Algorithm: RSA; Serial number: 0xa3da427ea4b1aeda Valid from Fri Aug 01 08:29:50 EDT 2008 until Sat Jul 31 08:29:50 EDT 2038 adding as trusted cert: Subject: C=DE, O=Atos, CN=Atos TrustedRoot 2011 Issuer: C=DE, O=Atos, CN=Atos TrustedRoot 2011 Algorithm: RSA; Serial number: 0x5c33cb622c5fb332 Valid from Thu Jul 07 10:58:30 EDT 2011 until Tue Dec 31 18:59:59 EST 2030 adding as trusted cert: Subject: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH Issuer: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH Algorithm: RSA; Serial number: 0x4f1bd42f54bb2f4b Valid from Wed Oct 25 04:32:46 EDT 2006 until Sat Oct 25 04:32:46 EDT 2036 adding as trusted cert: Subject: CN=CNNIC ROOT, O=CNNIC, C=CN Issuer: CN=CNNIC ROOT, O=CNNIC, C=CN Algorithm: RSA; Serial number: 0x49330001 Valid from Mon Apr 16 03:09:14 EDT 2007 until Fri Apr 16 03:09:14 EDT 2027 adding as trusted cert: Subject: CN=SecureSign RootCA11, O="Japan Certification Services, Inc.", C=JP Issuer: CN=SecureSign RootCA11, O="Japan Certification Services, Inc.", C=JP Algorithm: RSA; Serial number: 0x1 Valid from Wed Apr 08 00:56:47 EDT 2009 until Sun Apr 08 00:56:47 EDT 2029 adding as trusted cert: Subject: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Issuer: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Algorithm: RSA; Serial number: 0x4a538c28 Valid from Tue Jul 07 13:25:54 EDT 2009 until Sat Dec 07 12:55:54 EST 2030 adding as trusted cert: Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0xce7e0e517d846fe8fe560fc1bf03039 Valid from Thu Nov 09 19:00:00 EST 2006 until Sun Nov 09 19:00:00 EST 2031 adding as trusted cert: Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US Algorithm: RSA; Serial number: 0x0 Valid from Tue Jun 29 13:06:20 EDT 2004 until Thu Jun 29 13:06:20 EDT 2034 adding as trusted cert: Subject: CN=Secure Global CA, O=SecureTrust Corporation, C=US Issuer: CN=Secure Global CA, O=SecureTrust Corporation, C=US Algorithm: RSA; Serial number: 0x75622a4e8d48a894df413c8f0f8eaa5 Valid from Tue Nov 07 14:42:28 EST 2006 until Mon Dec 31 14:52:06 EST 2029 adding as trusted cert: Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE Algorithm: RSA; Serial number: 0x1 Valid from Tue May 30 06:48:38 EDT 2000 until Sat May 30 06:48:38 EDT 2020 adding as trusted cert: Subject: CN=Secure Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=Secure Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: RSA; Serial number: 0x1 Valid from Wed Dec 31 19:00:00 EST 2003 until Sun Dec 31 18:59:59 EST 2028 adding as trusted cert: Subject: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Issuer: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Algorithm: RSA; Serial number: 0x1 Valid from Wed Oct 01 06:29:56 EDT 2008 until Sat Oct 01 19:59:59 EDT 2033 adding as trusted cert: Subject: CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: EC; Serial number: 0x55556bcf25ea43535c3a40fd5ab4572 Valid from Thu Aug 01 08:00:00 EDT 2013 until Fri Jan 15 07:00:00 EST 2038 adding as trusted cert: Subject: CN=Swisscom Root CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch Issuer: CN=Swisscom Root CA 1, OU=Digital Certificate Services, O=Swisscom, C=ch Algorithm: RSA; Serial number: 0x5c0b855c0be75941df57cc3f7f9da836 Valid from Thu Aug 18 08:06:20 EDT 2005 until Mon Aug 18 18:06:20 EDT 2025 adding as trusted cert: Subject: CN=PSCProcert, C=VE, O=Sistema Nacional de Certificacion Electronica, OU=Proveedor de Certificados PROCERT, ST=Miranda, L=Chacao, EMAILADDRESS=contacto@procert.net.ve Issuer: EMAILADDRESS=acraiz@suscerte.gob.ve, OU=Superintendencia de Servicios de Certificacion Electronica, O=Sistema Nacional de Certificacion Electronica, ST=Distrito Capital, L=Caracas, C=VE, CN=Autoridad de Certificacion Raiz del Estado Venezolano Algorithm: RSA; Serial number: 0xb Valid from Tue Dec 28 11:51:00 EST 2010 until Fri Dec 25 18:59:59 EST 2020 adding as trusted cert: Subject: CN=Juur-SK, O=AS Sertifitseerimiskeskus, C=EE, EMAILADDRESS=pki@sk.ee Issuer: CN=Juur-SK, O=AS Sertifitseerimiskeskus, C=EE, EMAILADDRESS=pki@sk.ee Algorithm: RSA; Serial number: 0x3b8e4bfc Valid from Thu Aug 30 10:23:01 EDT 2001 until Fri Aug 26 10:23:01 EDT 2016 adding as trusted cert: Subject: C=TR, O=EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., CN=EBG Elektronik Sertifika Hizmet Sağlayıcısı Issuer: C=TR, O=EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., CN=EBG Elektronik Sertifika Hizmet Sağlayıcısı Algorithm: RSA; Serial number: 0x4caf73421c8e7402 Valid from Wed Aug 16 20:21:09 EDT 2006 until Sat Aug 13 20:31:09 EDT 2016 adding as trusted cert: Subject: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US Issuer: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336252567c989 Valid from Fri Jul 09 13:28:50 EDT 1999 until Tue Jul 09 13:36:58 EDT 2019 adding as trusted cert: Subject: CN=GeoTrust Global CA 2, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Global CA 2, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x1 Valid from Thu Mar 04 00:00:00 EST 2004 until Mon Mar 04 00:00:00 EST 2019 adding as trusted cert: Subject: CN=Class 2 Primary CA, O=Certplus, C=FR Issuer: CN=Class 2 Primary CA, O=Certplus, C=FR Algorithm: RSA; Serial number: 0x85bd4bf3d8dae369f694d75fc3a54423 Valid from Wed Jul 07 13:05:00 EDT 1999 until Sat Jul 06 19:59:59 EDT 2019 adding as trusted cert: Subject: CN=OISTE WISeKey Global Root GA CA, OU=OISTE Foundation Endorsed, OU=Copyright (c) 2005, O=WISeKey, C=CH Issuer: CN=OISTE WISeKey Global Root GA CA, OU=OISTE Foundation Endorsed, OU=Copyright (c) 2005, O=WISeKey, C=CH Algorithm: RSA; Serial number: 0x413d72c7f46b1f81437df1d22854df9a Valid from Sun Dec 11 11:03:44 EST 2005 until Fri Dec 11 11:09:51 EST 2037 adding as trusted cert: Subject: EMAILADDRESS=info@netlock.hu, CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU Issuer: EMAILADDRESS=info@netlock.hu, CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU Algorithm: RSA; Serial number: 0x7b Valid from Sat Mar 29 20:47:11 EST 2003 until Wed Dec 14 20:47:11 EST 2022 adding as trusted cert: Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x23456 Valid from Tue May 21 00:00:00 EDT 2002 until Sat May 21 00:00:00 EDT 2022 adding as trusted cert: Subject: CN=Network Solutions Certificate Authority, O=Network Solutions L.L.C., C=US Issuer: CN=Network Solutions Certificate Authority, O=Network Solutions L.L.C., C=US Algorithm: RSA; Serial number: 0x57cb336fc25c16e6471617e3903168e0 Valid from Thu Nov 30 19:00:00 EST 2006 until Mon Dec 31 18:59:59 EST 2029 adding as trusted cert: Subject: CN=CFCA EV ROOT, O=China Financial Certification Authority, C=CN Issuer: CN=CFCA EV ROOT, O=China Financial Certification Authority, C=CN Algorithm: RSA; Serial number: 0x184accd6 Valid from Tue Aug 07 23:07:01 EDT 2012 until Sun Dec 30 22:07:01 EST 2029 adding as trusted cert: Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH Algorithm: RSA; Serial number: 0x4eb200670c035d4f Valid from Wed Oct 25 04:36:00 EDT 2006 until Sat Oct 25 04:36:00 EDT 2036 adding as trusted cert: Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5 Algorithm: EC; Serial number: 0x605949e0262ebb55f90a778a71f94ad86c Valid from Mon Nov 12 19:00:00 EST 2012 until Mon Jan 18 22:14:07 EST 2038 adding as trusted cert: Subject: CN=CA Disig, O=Disig a.s., L=Bratislava, C=SK Issuer: CN=CA Disig, O=Disig a.s., L=Bratislava, C=SK Algorithm: RSA; Serial number: 0x1 Valid from Tue Mar 21 20:39:34 EST 2006 until Mon Mar 21 21:39:34 EDT 2016 adding as trusted cert: Subject: CN=S-TRUST Authentication and Encryption Root CA 2005:PN, O=Deutscher Sparkassen Verlag GmbH, L=Stuttgart, ST=Baden-Wuerttemberg (BW), C=DE Issuer: CN=S-TRUST Authentication and Encryption Root CA 2005:PN, O=Deutscher Sparkassen Verlag GmbH, L=Stuttgart, ST=Baden-Wuerttemberg (BW), C=DE Algorithm: RSA; Serial number: 0x371918e653547c1ab5b8cb595adb35b7 Valid from Tue Jun 21 20:00:00 EDT 2005 until Fri Jun 21 19:59:59 EDT 2030 adding as trusted cert: Subject: CN=CA WoSign ECC Root, O=WoSign CA Limited, C=CN Issuer: CN=CA WoSign ECC Root, O=WoSign CA Limited, C=CN Algorithm: EC; Serial number: 0x684a5870806bf08f02faf6dee8b09090 Valid from Fri Nov 07 19:58:58 EST 2014 until Mon Nov 07 19:58:58 EST 2044 adding as trusted cert: Subject: CN=Hellenic Academic and Research Institutions RootCA 2011, O=Hellenic Academic and Research Institutions Cert. Authority, C=GR Issuer: CN=Hellenic Academic and Research Institutions RootCA 2011, O=Hellenic Academic and Research Institutions Cert. Authority, C=GR Algorithm: RSA; Serial number: 0x0 Valid from Tue Dec 06 08:49:52 EST 2011 until Mon Dec 01 08:49:52 EST 2031 adding as trusted cert: Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a Valid from Thu Sep 30 20:00:00 EDT 1999 until Wed Jul 16 19:59:59 EDT 2036 adding as trusted cert: Subject: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US Issuer: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US Algorithm: RSA; Serial number: 0x0 Valid from Mon Aug 31 20:00:00 EDT 2009 until Thu Dec 31 18:59:59 EST 2037 adding as trusted cert: Subject: CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US Issuer: CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US Algorithm: RSA; Serial number: 0xa0142800000014523cf467c00000002 Valid from Thu Jan 16 12:53:32 EST 2014 until Mon Jan 16 12:53:32 EST 2034 adding as trusted cert: Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net Algorithm: RSA; Serial number: 0x3863def8 Valid from Fri Dec 24 12:50:51 EST 1999 until Tue Jul 24 10:15:12 EDT 2029 adding as trusted cert: Subject: CN=Staat der Nederlanden Root CA - G3, O=Staat der Nederlanden, C=NL Issuer: CN=Staat der Nederlanden Root CA - G3, O=Staat der Nederlanden, C=NL Algorithm: RSA; Serial number: 0x98a239 Valid from Thu Nov 14 06:28:42 EST 2013 until Mon Nov 13 18:00:00 EST 2028 adding as trusted cert: Subject: CN=TeliaSonera Root CA v1, O=TeliaSonera Issuer: CN=TeliaSonera Root CA v1, O=TeliaSonera Algorithm: RSA; Serial number: 0x95be16a0f72e46f17b398272fa8bcd96 Valid from Thu Oct 18 08:00:50 EDT 2007 until Mon Oct 18 08:00:50 EDT 2032 adding as trusted cert: Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Algorithm: RSA; Serial number: 0x344ed55720d5edec49f42fce37db2b6d Valid from Thu Nov 16 19:00:00 EST 2006 until Wed Jul 16 19:59:59 EDT 2036 adding as trusted cert: Subject: CN=sso.lobosstudios.com, OU=PositiveSSL, OU=Domain Control Validated Issuer: CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: RSA; Serial number: 0x619e7f18c2c665d07f0a7ca2cd0f3e02 Valid from Fri Jun 10 20:00:00 EDT 2016 until Tue Jun 11 19:59:59 EDT 2019 adding as trusted cert: Subject: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US Issuer: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US Algorithm: RSA; Serial number: 0x0 Valid from Mon Aug 31 20:00:00 EDT 2009 until Thu Dec 31 18:59:59 EST 2037 adding as trusted cert: Subject: CN=Visa eCommerce Root, OU=Visa International Service Association, O=VISA, C=US Issuer: CN=Visa eCommerce Root, OU=Visa International Service Association, O=VISA, C=US Algorithm: RSA; Serial number: 0x1386354d1d3f06f2c1f96505d5901c62 Valid from Tue Jun 25 22:18:36 EDT 2002 until Thu Jun 23 20:16:12 EDT 2022 adding as trusted cert: Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4 Valid from Thu Sep 30 20:00:00 EDT 1999 until Wed Jul 16 19:59:59 EDT 2036 adding as trusted cert: Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: EC; Serial number: 0x2f80fe238c0e220f486712289187acb3 Valid from Sun Nov 04 19:00:00 EST 2007 until Mon Jan 18 18:59:59 EST 2038 adding as trusted cert: Subject: CN=Staat der Nederlanden EV Root CA, O=Staat der Nederlanden, C=NL Issuer: CN=Staat der Nederlanden EV Root CA, O=Staat der Nederlanden, C=NL Algorithm: RSA; Serial number: 0x98968d Valid from Wed Dec 08 06:19:29 EST 2010 until Thu Dec 08 06:10:28 EST 2022 adding as trusted cert: Subject: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US Issuer: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US Algorithm: RSA; Serial number: 0x456b5054 Valid from Mon Nov 27 15:23:42 EST 2006 until Fri Nov 27 15:53:42 EST 2026 adding as trusted cert: Subject: CN=Root CA Generalitat Valenciana, OU=PKIGVA, O=Generalitat Valenciana, C=ES Issuer: CN=Root CA Generalitat Valenciana, OU=PKIGVA, O=Generalitat Valenciana, C=ES Algorithm: RSA; Serial number: 0x3b45e568 Valid from Fri Jul 06 12:22:47 EDT 2001 until Thu Jul 01 11:22:47 EDT 2021 adding as trusted cert: Subject: CN=Certification Authority of WoSign G2, O=WoSign CA Limited, C=CN Issuer: CN=Certification Authority of WoSign G2, O=WoSign CA Limited, C=CN Algorithm: RSA; Serial number: 0x6b25da8a889d7cbc0f05b3b17a614544 Valid from Fri Nov 07 19:58:58 EST 2014 until Mon Nov 07 19:58:58 EST 2044 adding as trusted cert: Subject: CN=S-TRUST Universal Root CA, OU=S-TRUST Certification Services, O=Deutscher Sparkassen Verlag GmbH, C=DE Issuer: CN=S-TRUST Universal Root CA, OU=S-TRUST Certification Services, O=Deutscher Sparkassen Verlag GmbH, C=DE Algorithm: RSA; Serial number: 0x6056c54b23405b64d4ed25dad9d61e1e Valid from Mon Oct 21 20:00:00 EDT 2013 until Thu Oct 21 19:59:59 EDT 2038 adding as trusted cert: Subject: CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0xb931c3ad63967ea6723bfc3af9af44b Valid from Thu Aug 01 08:00:00 EDT 2013 until Fri Jan 15 07:00:00 EST 2038 adding as trusted cert: Subject: CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL Issuer: CN=StartCom Certification Authority, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL Algorithm: RSA; Serial number: 0x2d Valid from Sun Sep 17 15:46:37 EDT 2006 until Wed Sep 17 15:46:36 EDT 2036 adding as trusted cert: Subject: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL Issuer: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL Algorithm: RSA; Serial number: 0x10020 Valid from Tue Jun 11 06:46:39 EDT 2002 until Fri Jun 11 06:46:39 EDT 2027 adding as trusted cert: Subject: CN=CA Disig Root R2, O=Disig a.s., L=Bratislava, C=SK Issuer: CN=CA Disig Root R2, O=Disig a.s., L=Bratislava, C=SK Algorithm: RSA; Serial number: 0x92b888dbb08ac163 Valid from Thu Jul 19 05:15:30 EDT 2012 until Sat Jul 19 05:15:30 EDT 2042 adding as trusted cert: Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Issuer: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Algorithm: RSA; Serial number: 0x1 Valid from Tue May 30 06:44:50 EDT 2000 until Sat May 30 06:44:50 EDT 2020 adding as trusted cert: Subject: CN=DST Root CA X3, O=Digital Signature Trust Co. Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co. Algorithm: RSA; Serial number: 0x44afb080d6a327ba893039862ef8406b Valid from Sat Sep 30 17:12:19 EDT 2000 until Thu Sep 30 10:01:15 EDT 2021 adding as trusted cert: Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x70bae41d10d92934b638ca7b03ccbabf Valid from Sun Jan 28 19:00:00 EST 1996 until Tue Aug 01 19:59:59 EDT 2028 adding as trusted cert: Subject: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO Issuer: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO Algorithm: RSA; Serial number: 0x2 Valid from Tue Oct 26 04:38:03 EDT 2010 until Fri Oct 26 04:38:03 EDT 2040 adding as trusted cert: Subject: CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE Issuer: CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE Algorithm: RSA; Serial number: 0x983f4 Valid from Thu Nov 05 03:50:46 EST 2009 until Mon Nov 05 03:50:46 EST 2029 adding as trusted cert: Subject: CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: EC; Serial number: 0xba15afa1ddfa0b54944afcd24a06cec Valid from Thu Aug 01 08:00:00 EDT 2013 until Fri Jan 15 07:00:00 EST 2038 adding as trusted cert: Subject: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH Issuer: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH Algorithm: RSA; Serial number: 0xbb401c43f55e4fb0 Valid from Wed Oct 25 04:30:35 EDT 2006 until Sat Oct 25 04:30:35 EDT 2036 adding as trusted cert: Subject: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Issuer: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Algorithm: EC; Serial number: 0x5c8b99c55a94c5d27156decd8980cc26 Valid from Sun Jan 31 19:00:00 EST 2010 until Mon Jan 18 18:59:59 EST 2038 adding as trusted cert: Subject: OU=certSIGN ROOT CA, O=certSIGN, C=RO Issuer: OU=certSIGN ROOT CA, O=certSIGN, C=RO Algorithm: RSA; Serial number: 0x200605167002 Valid from Tue Jul 04 13:20:04 EDT 2006 until Fri Jul 04 13:20:04 EDT 2031 adding as trusted cert: Subject: CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US Issuer: CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US Algorithm: RSA; Serial number: 0xa0142800000014523c844b500000002 Valid from Thu Jan 16 13:12:23 EST 2014 until Mon Jan 16 13:12:23 EST 2034 adding as trusted cert: Subject: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x509 Valid from Fri Nov 24 13:27:00 EST 2006 until Mon Nov 24 13:23:33 EST 2031 adding as trusted cert: Subject: CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE Issuer: CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE Algorithm: RSA; Serial number: 0x983f3 Valid from Thu Nov 05 03:35:58 EST 2009 until Mon Nov 05 03:35:58 EST 2029 adding as trusted cert: Subject: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE Issuer: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE Algorithm: RSA; Serial number: 0x26 Valid from Fri Jul 09 08:11:00 EDT 1999 until Tue Jul 09 19:59:00 EDT 2019 adding as trusted cert: Subject: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x78585f2ead2c194be3370735341328b596d46593 Valid from Thu Jan 12 12:27:44 EST 2012 until Sun Jan 12 12:27:44 EST 2042 adding as trusted cert: Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x3f691e819cf09a4af373ffb948a2e4dd Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028 adding as trusted cert: Subject: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Algorithm: RSA; Serial number: 0x1fd6d30fca3ca51a81bbc640e35032d Valid from Sun Jan 31 19:00:00 EST 2010 until Mon Jan 18 18:59:59 EST 2038 adding as trusted cert: Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf Valid from Sun May 17 20:00:00 EDT 1998 until Tue Aug 01 19:59:59 EDT 2028 adding as trusted cert: Subject: CN=Izenpe.com, O=IZENPE S.A., C=ES Issuer: CN=Izenpe.com, O=IZENPE S.A., C=ES Algorithm: RSA; Serial number: 0xb0b75a16485fbfe1cbf58bd719e67d Valid from Thu Dec 13 08:08:28 EST 2007 until Sun Dec 13 03:27:25 EST 2037 adding as trusted cert: Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 Algorithm: RSA; Serial number: 0x400000000010f8626e60d Valid from Fri Dec 15 03:00:00 EST 2006 until Wed Dec 15 03:00:00 EST 2021 adding as trusted cert: Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x18dad19e267de8bb4a2158cdcc6b3b4a Valid from Tue Nov 07 19:00:00 EST 2006 until Wed Jul 16 19:59:59 EDT 2036 adding as trusted cert: Subject: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x5c6 Valid from Fri Nov 24 14:11:23 EST 2006 until Mon Nov 24 14:06:44 EST 2031 adding as trusted cert: Subject: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US Issuer: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US Algorithm: RSA; Serial number: 0x0 Valid from Mon Aug 31 20:00:00 EDT 2009 until Thu Dec 31 18:59:59 EST 2037 adding as trusted cert: Subject: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş., L=Ankara, C=TR Issuer: CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş., L=Ankara, C=TR Algorithm: RSA; Serial number: 0x7da1f265ec8a Valid from Wed Dec 18 04:04:10 EST 2013 until Sat Dec 16 04:04:10 EST 2023 adding as trusted cert: Subject: CN=OISTE WISeKey Global Root GB CA, OU=OISTE Foundation Endorsed, O=WISeKey, C=CH Issuer: CN=OISTE WISeKey Global Root GB CA, OU=OISTE Foundation Endorsed, O=WISeKey, C=CH Algorithm: RSA; Serial number: 0x76b1205274f0858746b3f8231af6c2c0 Valid from Mon Dec 01 10:00:32 EST 2014 until Thu Dec 01 10:10:31 EST 2039 adding as trusted cert: Subject: CN=WellsSecure Public Root Certificate Authority, OU=Wells Fargo Bank NA, O=Wells Fargo WellsSecure, C=US Issuer: CN=WellsSecure Public Root Certificate Authority, OU=Wells Fargo Bank NA, O=Wells Fargo WellsSecure, C=US Algorithm: RSA; Serial number: 0x1 Valid from Thu Dec 13 12:07:54 EST 2007 until Tue Dec 13 19:07:54 EST 2022 adding as trusted cert: Subject: CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch Issuer: CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch Algorithm: RSA; Serial number: 0x1e9e28e848f2e5efc37c4a1e5a1867b6 Valid from Fri Jun 24 04:38:14 EDT 2011 until Wed Jun 25 03:38:14 EDT 2031 adding as trusted cert: Subject: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x2ef59b0228a7db7affd5a3a9eebd03a0cf126a1d Valid from Thu Jan 12 15:26:32 EST 2012 until Sun Jan 12 15:26:32 EST 2042 adding as trusted cert: Subject: EMAILADDRESS=info@e-szigno.hu, CN=Microsec e-Szigno Root CA 2009, O=Microsec Ltd., L=Budapest, C=HU Issuer: EMAILADDRESS=info@e-szigno.hu, CN=Microsec e-Szigno Root CA 2009, O=Microsec Ltd., L=Budapest, C=HU Algorithm: RSA; Serial number: 0xc27e43044e473f19 Valid from Tue Jun 16 07:30:18 EDT 2009 until Sun Dec 30 06:30:18 EST 2029 adding as trusted cert: Subject: CN=StartCom Certification Authority G2, O=StartCom Ltd., C=IL Issuer: CN=StartCom Certification Authority G2, O=StartCom Ltd., C=IL Algorithm: RSA; Serial number: 0x3b Valid from Thu Dec 31 20:00:01 EST 2009 until Sat Dec 31 18:59:01 EST 2039 adding as trusted cert: Subject: CN=NetLock Arany (Class Gold) Főtanúsítvány, OU=Tanúsítványkiadók (Certification Services), O=NetLock Kft., L=Budapest, C=HU Issuer: CN=NetLock Arany (Class Gold) Főtanúsítvány, OU=Tanúsítványkiadók (Certification Services), O=NetLock Kft., L=Budapest, C=HU Algorithm: RSA; Serial number: 0x49412ce40010 Valid from Thu Dec 11 10:08:21 EST 2008 until Wed Dec 06 10:08:21 EST 2028 adding as trusted cert: Subject: CN=TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3, OU=Kamu Sertifikasyon Merkezi, OU=Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü - UEKAE, O=Türkiye Bilimsel ve Teknolojik Araştırma Kurumu - TÜBİTAK, L=Gebze - Kocaeli, C=TR Issuer: CN=TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3, OU=Kamu Sertifikasyon Merkezi, OU=Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü - UEKAE, O=Türkiye Bilimsel ve Teknolojik Araştırma Kurumu - TÜBİTAK, L=Gebze - Kocaeli, C=TR Algorithm: RSA; Serial number: 0x11 Valid from Fri Aug 24 07:37:07 EDT 2007 until Mon Aug 21 07:37:07 EDT 2017 adding as trusted cert: Subject: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT Issuer: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT Algorithm: RSA; Serial number: 0x570a119742c4e3cc Valid from Thu Sep 22 07:22:02 EDT 2011 until Sun Sep 22 07:22:02 EDT 2030 adding as trusted cert: Subject: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068, C=ES Issuer: CN=Autoridad de Certificacion Firmaprofesional CIF A62634068, C=ES Algorithm: RSA; Serial number: 0x53ec3beefbb2485f Valid from Wed May 20 04:38:15 EDT 2009 until Tue Dec 31 03:38:15 EST 2030 adding as trusted cert: Subject: CN=Certigna, O=Dhimyotis, C=FR Issuer: CN=Certigna, O=Dhimyotis, C=FR Algorithm: RSA; Serial number: 0xfedce3010fc948ff Valid from Fri Jun 29 11:13:05 EDT 2007 until Tue Jun 29 11:13:05 EDT 2027 adding as trusted cert: Subject: CN=AddTrust Public CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Issuer: CN=AddTrust Public CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Algorithm: RSA; Serial number: 0x1 Valid from Tue May 30 06:41:50 EDT 2000 until Sat May 30 06:41:50 EDT 2020 adding as trusted cert: Subject: CN=E-Tugra Certification Authority, OU=E-Tugra Sertifikasyon Merkezi, O=E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., L=Ankara, C=TR Issuer: CN=E-Tugra Certification Authority, OU=E-Tugra Sertifikasyon Merkezi, O=E-Tuğra EBG Bilişim Teknolojileri ve Hizmetleri A.Ş., L=Ankara, C=TR Algorithm: RSA; Serial number: 0x6a683e9c519bcb53 Valid from Tue Mar 05 07:09:48 EST 2013 until Fri Mar 03 07:09:48 EST 2023 adding as trusted cert: Subject: C=ES, O=ACCV, OU=PKIACCV, CN=ACCVRAIZ1 Issuer: C=ES, O=ACCV, OU=PKIACCV, CN=ACCVRAIZ1 Algorithm: RSA; Serial number: 0x5ec3b7a6437fa4e0 Valid from Thu May 05 05:37:37 EDT 2011 until Tue Dec 31 04:37:37 EST 2030 adding as trusted cert: Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028 adding as trusted cert: Subject: CN=TC TrustCenter Class 3 CA II, OU=TC TrustCenter Class 3 CA, O=TC TrustCenter GmbH, C=DE Issuer: CN=TC TrustCenter Class 3 CA II, OU=TC TrustCenter Class 3 CA, O=TC TrustCenter GmbH, C=DE Algorithm: RSA; Serial number: 0x4a4700010002e5a05dd63f0051bf Valid from Thu Jan 12 09:41:57 EST 2006 until Wed Dec 31 17:59:59 EST 2025 adding as trusted cert: Subject: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x3ab6508b Valid from Mon Mar 19 13:33:33 EST 2001 until Wed Mar 17 14:33:33 EDT 2021 adding as trusted cert: Subject: CN=Buypass Class 2 CA 1, O=Buypass AS-983163327, C=NO Issuer: CN=Buypass Class 2 CA 1, O=Buypass AS-983163327, C=NO Algorithm: RSA; Serial number: 0x1 Valid from Fri Oct 13 06:25:09 EDT 2006 until Thu Oct 13 06:25:09 EDT 2016 adding as trusted cert: Subject: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO Issuer: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO Algorithm: RSA; Serial number: 0x2 Valid from Tue Oct 26 04:28:58 EDT 2010 until Fri Oct 26 04:28:58 EDT 2040 adding as trusted cert: Subject: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP Issuer: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP Algorithm: RSA; Serial number: 0x0 Valid from Tue Jun 05 22:12:32 EDT 2007 until Fri Jun 05 22:12:32 EDT 2037 adding as trusted cert: Subject: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US Issuer: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US Algorithm: EC; Serial number: 0x35fc265cd9844fc93d263d579baed756 Valid from Sun Nov 04 19:00:00 EST 2007 until Mon Jan 18 18:59:59 EST 2038 adding as trusted cert: Subject: CN=Swisscom Root EV CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch Issuer: CN=Swisscom Root EV CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch Algorithm: RSA; Serial number: 0xf2fa64e27463d38dfd101d041f76ca58 Valid from Fri Jun 24 05:45:08 EDT 2011 until Wed Jun 25 04:45:08 EDT 2031 adding as trusted cert: Subject: CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, ST=Hungary, C=HU Issuer: CN=NetLock Kozjegyzoi (Class A) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, ST=Hungary, C=HU Algorithm: RSA; Serial number: 0x103 Valid from Wed Feb 24 18:14:47 EST 1999 until Tue Feb 19 18:14:47 EST 2019 adding as trusted cert: Subject: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Issuer: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x401ac46421b31321030ebbe4121ac51d Valid from Tue Apr 01 20:00:00 EDT 2008 until Tue Dec 01 18:59:59 EST 2037 adding as trusted cert: Subject: CN=China Internet Network Information Center EV Certificates Root, O=China Internet Network Information Center, C=CN Issuer: CN=China Internet Network Information Center EV Certificates Root, O=China Internet Network Information Center, C=CN Algorithm: RSA; Serial number: 0x489f0001 Valid from Tue Aug 31 03:11:25 EDT 2010 until Sat Aug 31 03:11:25 EDT 2030 adding as trusted cert: Subject: CN=Cybertrust Global Root, O="Cybertrust, Inc" Issuer: CN=Cybertrust Global Root, O="Cybertrust, Inc" Algorithm: RSA; Serial number: 0x400000000010f85aa2d48 Valid from Fri Dec 15 03:00:00 EST 2006 until Wed Dec 15 03:00:00 EST 2021 adding as trusted cert: Subject: OU=ApplicationCA, O=Japanese Government, C=JP Issuer: OU=ApplicationCA, O=Japanese Government, C=JP Algorithm: RSA; Serial number: 0x31 Valid from Wed Dec 12 10:00:00 EST 2007 until Tue Dec 12 10:00:00 EST 2017 adding as trusted cert: Subject: CN=Trusted Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=Trusted Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: RSA; Serial number: 0x1 Valid from Wed Dec 31 19:00:00 EST 2003 until Sun Dec 31 18:59:59 EST 2028 adding as trusted cert: Subject: CN=Global Chambersign Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU Issuer: CN=Global Chambersign Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU Algorithm: RSA; Serial number: 0x0 Valid from Tue Sep 30 12:14:18 EDT 2003 until Wed Sep 30 12:14:18 EDT 2037 adding as trusted cert: Subject: OU=Trustis FPS Root CA, O=Trustis Limited, C=GB Issuer: OU=Trustis FPS Root CA, O=Trustis Limited, C=GB Algorithm: RSA; Serial number: 0x1b1fadb620f924d3366bf7c7f18ca059 Valid from Tue Dec 23 07:14:06 EST 2003 until Sun Jan 21 06:36:54 EST 2024 adding as trusted cert: Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Algorithm: RSA; Serial number: 0x1 Valid from Tue May 30 06:38:31 EDT 2000 until Sat May 30 06:38:31 EDT 2020 adding as trusted cert: Subject: CN=NetLock Uzleti (Class B) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU Issuer: CN=NetLock Uzleti (Class B) Tanusitvanykiado, OU=Tanusitvanykiadok, O=NetLock Halozatbiztonsagi Kft., L=Budapest, C=HU Algorithm: RSA; Serial number: 0x69 Valid from Thu Feb 25 09:10:22 EST 1999 until Wed Feb 20 09:10:22 EST 2019 adding as trusted cert: Subject: CN=COMODO Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=COMODO Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: RSA; Serial number: 0x4e812d8a8265e00b02ee3e350246e53d Valid from Thu Nov 30 19:00:00 EST 2006 until Mon Dec 31 18:59:59 EST 2029 adding as trusted cert: Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4 Algorithm: EC; Serial number: 0x2a38a41c960a04de42b228a50be8349802 Valid from Mon Nov 12 19:00:00 EST 2012 until Mon Jan 18 22:14:07 EST 2038 adding as trusted cert: Subject: CN=AC Raíz Certicámara S.A., O=Sociedad Cameral de Certificación Digital - Certicámara S.A., C=CO Issuer: CN=AC Raíz Certicámara S.A., O=Sociedad Cameral de Certificación Digital - Certicámara S.A., C=CO Algorithm: RSA; Serial number: 0x77e52937be015e357f0698ccbec0c Valid from Mon Nov 27 15:46:29 EST 2006 until Tue Apr 02 17:42:02 EDT 2030 adding as trusted cert: Subject: EMAILADDRESS=pki@sk.ee, CN=EE Certification Centre Root CA, O=AS Sertifitseerimiskeskus, C=EE Issuer: EMAILADDRESS=pki@sk.ee, CN=EE Certification Centre Root CA, O=AS Sertifitseerimiskeskus, C=EE Algorithm: RSA; Serial number: 0x5480f9a073ed3f004cca89d8e371e64a Valid from Sat Oct 30 06:10:30 EDT 2010 until Tue Dec 17 18:59:59 EST 2030 adding as trusted cert: Subject: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Issuer: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Algorithm: RSA; Serial number: 0xc9cdd3e9d57d23ce Valid from Fri Aug 01 08:31:40 EDT 2008 until Sat Jul 31 08:31:40 EDT 2038 adding as trusted cert: Subject: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: RSA; Serial number: 0x4caaf9cadb636fe01ff74ed85b03869d Valid from Mon Jan 18 19:00:00 EST 2010 until Mon Jan 18 18:59:59 EST 2038 adding as trusted cert: Subject: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Issuer: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Algorithm: RSA; Serial number: 0x600197b746a7eab4b49ad64b2ff790fb Valid from Tue Apr 01 20:00:00 EDT 2008 until Tue Dec 01 18:59:59 EST 2037 adding as trusted cert: Subject: OU=RSA Security 2048 V3, O=RSA Security Inc Issuer: OU=RSA Security 2048 V3, O=RSA Security Inc Algorithm: RSA; Serial number: 0xa0101010000027c0000000a00000002 Valid from Thu Feb 22 15:39:23 EST 2001 until Sun Feb 22 15:39:23 EST 2026 adding as trusted cert: Subject: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US Issuer: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US Algorithm: EC; Serial number: 0x7497258ac73f7a54 Valid from Fri Jan 29 09:20:24 EST 2010 until Mon Dec 31 09:20:24 EST 2040 adding as trusted cert: Subject: CN=Staat der Nederlanden Root CA - G2, O=Staat der Nederlanden, C=NL Issuer: CN=Staat der Nederlanden Root CA - G2, O=Staat der Nederlanden, C=NL Algorithm: RSA; Serial number: 0x98968c Valid from Wed Mar 26 07:18:17 EDT 2008 until Wed Mar 25 07:03:10 EDT 2020 adding as trusted cert: Subject: CN=Sonera Class1 CA, O=Sonera, C=FI Issuer: CN=Sonera Class1 CA, O=Sonera, C=FI Algorithm: RSA; Serial number: 0x24 Valid from Fri Apr 06 06:49:13 EDT 2001 until Tue Apr 06 06:49:13 EDT 2021 adding as trusted cert: Subject: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Issuer: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Algorithm: RSA; Serial number: 0x1 Valid from Wed Oct 01 06:40:14 EDT 2008 until Sat Oct 01 19:59:59 EDT 2033 adding as trusted cert: Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192 Valid from Sun May 17 20:00:00 EDT 1998 until Tue Aug 01 19:59:59 EDT 2028 adding as trusted cert: Subject: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0x33af1e6a711a9a0bb2864b11d09fae5 Valid from Thu Aug 01 08:00:00 EDT 2013 until Fri Jan 15 07:00:00 EST 2038 adding as trusted cert: Subject: C=ES, O=EDICOM, OU=PKI, CN=ACEDICOM Root Issuer: C=ES, O=EDICOM, OU=PKI, CN=ACEDICOM Root Algorithm: RSA; Serial number: 0x618dc7863b018205 Valid from Fri Apr 18 12:24:22 EDT 2008 until Thu Apr 13 12:24:22 EDT 2028 trigger seeding of SecureRandom done seeding SecureRandom Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 main, setSoTimeout(0) called Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false main, setSoTimeout(0) called Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1 %% No cached client session *** ClientHello, TLSv1.2 RandomCookie: GMT: 1452311531 bytes = { 42, 240, 211, 182, 223, 242, 145, 113, 198, 54, 252, 179, 235, 34, 198, 14, 162, 107, 225, 41, 218, 0, 148, 131, 6, 168, 223, 139 } Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] Compression Methods: { 0 } Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA *** main, WRITE: TLSv1.2 Handshake, length = 193 main, handling exception: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? main, SEND TLSv1.2 ALERT: fatal, description = unexpected_message main, WRITE: TLSv1.2 Alert, length = 2 main, called closeSocket() main, called close() main, called closeInternal(true) main, called close() main, called closeInternal(true) main, called close() main, called closeInternal(true) ```

By Steve Sobol user 21 Jul 2016 at 10:07 p.m. CDT

Copy
Steve Sobol gravatar
Ok. I saw that Gluu is using the openjdk-7-java package, so I installed it (it was only installed in the container, not on the server), installed the latest Java 7 JDK on my laptop so I could recompile your sample code, uploaded it and tried again. Same error. I give up. I've got nothing. :(

By Steve Sobol user 21 Jul 2016 at 10:09 p.m. CDT

Copy
Steve Sobol gravatar
I am grasping at straws here - Is it something in the way I have the server configured? It's a standard 14.04 install on a DigitalOcean VPS.

By Steve Sobol user 21 Jul 2016 at 11:30 p.m. CDT

Copy
Steve Sobol gravatar
We've had this ticket open for a week. All I wanted to do was to get logins and logouts working using Gluu. I was able to log a user in but when I tried to log out using the id_token I received when I logged in, the Gluu server couldn't find the user based on the token I passed back to it. I was advised to try oxD, but that obviously isn't helping either. Part of my project has been stalled for a week and I really need to get on with it. I understand the need to figure out what's going on, but the JVM gives me the exact same logs each time I try to connect, and we're getting nowhere. I am very frustrated.

By Yuriy Zabrovarnyy staff 22 Jul 2016 at 1:32 a.m. CDT

Copy
Yuriy Zabrovarnyy gravatar
Steve, Do you have oxD on the same machine as Gluu Server ? Think about the case when I running oxD and for me it works (with your server) but for you it does not. The only difference I can see is the location from where it is run. I assume that you have oxD at the same machine as Gluu Server and Apache is configured in such way that it skips ssl due to localhost (for some reason). Would you please try to run oxD from other machine (different from Gluu Server machine)? This is the only difference I can see. Otherwise I have no idea :(. I need reproducible case in order to help you. If it helps we can have remote session, maybe I will notice something. Thanks, Yuriy Z

By Steve Sobol user 22 Jul 2016 at 11:15 a.m. CDT

Copy
Steve Sobol gravatar
Hm. Good suggestion. I will spin up a new VPS and see what happens. I even have an SSL certificate that I purchased, but ended up not using, that I can use for this test. Thank you for all of your help.

By Steve Sobol user 22 Jul 2016 at 3:58 p.m. CDT

Copy
Steve Sobol gravatar
Looking at my client code, I just had an epiphany. ``` client = new CommandClient("127.0.0.1",8999); ``` I'm using an SSH tunnel. What are the chances that that's breaking things? I'm tunneling to 127.0.0.1:8099 on the server. Time to open up port 8099 on the server and connect directly to it.

By Steve Sobol user 22 Jul 2016 at 4:24 p.m. CDT

Copy
Steve Sobol gravatar
Same error. Going to try some other fixes

By Yuriy Zabrovarnyy staff 22 Jul 2016 at 4:30 p.m. CDT

Copy
Yuriy Zabrovarnyy gravatar
There is plain connection (instead of SSL) between Gluu Server and oxD Server. CommandClient is oxD Client which is not involved in our actual problem with plain connection. However maybe that tunnel somehow effects connection to Gluu Server too, not sure. To have clear experiment of course better to switch it off. Looking forward for your results when oxD Server is on separate machine since this is the only difference between the test I've performed from my machine.

By Steve Sobol user 22 Jul 2016 at 6:41 p.m. CDT

Copy
Steve Sobol gravatar
Well. ``` resp.getWriter().println(flowResp); resp.getWriter().println("Login done " + new SimpleDateFormat("hh:mm:ss").format(new Date())); ``` Here's what I got. Looks like this test, with the oxD server on a separate machine, worked. Direct connection; no proxy, no SSH tunnel (although we did just establish that the tunnel isn't the problem) ``` ImplicitFlowResponse{accessToken='67c5b2ba-802a-4c8d-9a79-bd47b5f4ada1', expiresIn=299, refreshToken='bb6cfb19-491f-4c00-994e-5689da145459', authorizationCode='9221f4d9-81f5-4766-9dea-a7dbe801a774', scope='openid', idToken='eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjZjZDBkNzY5LTMxNWQtNDVmOS04Nzk2LTczODI0M2VjOWQ0ZiJ9.eyJpc3MiOiJodHRwczovL3Nzby5sb2Jvc3N0dWRpb3MuY29tIiwiYXVkIjoiQCEyOTIwLkZBRDIuRkIzOC45QkM1ITAwMDEhOTIyNy4wRTNEITAwMDghOUVDNi43QjZDIiwiZXhwIjoxNDY5MjM0Mzg0LCJpYXQiOjE0NjkyMzA3ODQsIm5vbmNlIjoiYjBmNjlkZDMtOTNkZC00YjVmLWE2YTItNGJjNmZhMThhOWY0IiwiYXV0aF90aW1lIjoxNDY5MjMwNzgzLCJhdF9oYXNoIjoiWElxZldOMVRQTnlfeWd5dlJNSnZqUSIsIm94VmFsaWRhdGlvblVSSSI6Imh0dHBzOi8vc3NvLmxvYm9zc3R1ZGlvcy5jb20vb3hhdXRoL29waWZyYW1lIiwib3hPcGVuSURDb25uZWN0VmVyc2lvbiI6Im9wZW5pZGNvbm5lY3QtMS4wIiwiaW51bSI6IkAhMjkyMC5GQUQyLkZCMzguOUJDNSEwMDAxITkyMjcuMEUzRCEwMDAwIUNGMDcuOEZFRSIsInN1YiI6ImE5NmJkNTczLWI3ODUtNGU3MC05MTViLTkzZTU3YzBiYmE1MCJ9.GUQopE7AFuT9MSUftvbE3XCI2WMEgBTd3zd_X1ap6PyHALlqiYWMKHxixRouO9y9UBgqFCB-GxaSnKwS8lNLJRbQb685UQUG-jPIKoUBOzq8T81PLmT_m_hOJbd0Oh2gfpwogt25eBr_2M8pc4PY8IlVa_PL1XSZGtQidHzxi_nhMhxQOPbHWdWlb6vtUqFpRd79igLsn6Qfbybo1LxdNCjgAGyXNscwJS7y43dUj3zKJ9lOaC0LX--h8HZ74QY4XEOBPs3bfF3Hioa511WNjttvuLVA71whZ_B8-lHXLd7yoLas0kDaAxVG435nlDRi9DVzCy7X93lTa2mUKj94Pw'} Login done 04:39:45 ```

By Steve Sobol user 22 Jul 2016 at 6:48 p.m. CDT

Copy
Steve Sobol gravatar
No SSL-related exceptions on the oxD side, no exceptions at all on the client. So I'm going to continue testing, but with the version from the repo. I'll do that this weekend.

By Steve Sobol user 23 Jul 2016 at 10:41 a.m. CDT

Copy
Steve Sobol gravatar
Success again, this time using the latest oxD apt package downloaded just a couple minutes ago from the repository. Interesting point: I simply copied over oxd-conf.json, where I have both ```trust_store_path``` and ```trust_store_password``` set, and it worked - and my keystore does not have the default password, either. Did you update the apt repo? I'm still interested in finding out why things will not work when Gluu and oxD are on the same server, but I now have a workable solution. I can stick the oxD server on a VPS that is already running JEE websites.

By Yuriy Zabrovarnyy staff 23 Jul 2016 at 4:39 p.m. CDT

Copy
Yuriy Zabrovarnyy gravatar
I wish to know that too, it seems apache does not encrypt connection if it goes from localhost, right? I'm glad to hear that it works now for you. Should we close this ticket then?

By Steve Sobol user 23 Jul 2016 at 4:40 p.m. CDT

Copy
Steve Sobol gravatar
Maybe that is the problem. I'll look deeper into it when I have time. I think we can close the ticket.

Post an answer