Gazelle Security Suite

Permanent link

https://pancanadianio.ca/gss/details/connection.seam?id=6327

Connection date

3/20/23 2:38:31 PM (EDT GMT-0400)

SUT address

interop.kai-oscar.com:443

Simulator address

canada-prod.ihe-europe.net:35658

Simulator keyword

Client PAT2023

Simulator certificate

CN=pancanadianio.ca

Handshake success

Protocol

Cipher suite

Error message

result=FAILED
errors list :
PKIX validation (CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford,
ST=Greater Manchester, C=GB) : The certificate has a valid signature, but is no
trust anchor (PKIX)

Error stack trace

javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1480)
at
        sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:509)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:780)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:744)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1212)
at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:910)
at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDe-
        coder.java:425)
at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(Fr-
        ameDecoder.java:310)
at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream-
        (SimpleChannelUpstreamHandler.java:70)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(Default-
        ChannelPipeline.java:560)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(Default-
        ChannelPipeline.java:555)
at
        org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
at
        org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(Abstra-
        ctNioWorker.java:107)
at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(Abstract-
        NioSelector.java:312)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNi-
        oWorker.java:88)
at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunna-
        ble.java:108)
at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockPro-
        ofWorker.java:42)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecuto-
        r.java:1152)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecut-
        or.java:622)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1672)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:288)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshake-
        r.java:1598)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.j-
        ava:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:997)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:930)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:928)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1418)
at org.jboss.netty.handler.ssl.SslHandler$4.run(SslHandler.java:1348)
at org.jboss.netty.handler.ssl.ImmediateExecutor.execute(ImmediateExec-
        utor.java:31)
at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler-
        .java:1345)
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1232)
... 18 more
Caused by: java.security.cert.CertificateException: result=FAILED
errors list :
PKIX validation (CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford,
ST=Greater Manchester, C=GB) : The certificate has a valid signature, but is no
trust anchor (PKIX)

at net.ihe.gazelle.simulators.tls.common.TestTrustManager.checkServerT-
        rusted(TestTrustManager.java:58)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSL-
        ContextImpl.java:1100)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshake-
        r.java:1585)
... 28 more

TLS/SSL events

Date

03/20/2023 18:38:31.992

Type

CHECK_TRUSTED_SERVER

Details

Details

result=FAILED errors list : PKIX validation (CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB) : The certificate has a valid signature, but is no trust anchor (PKIX)

CN=*.kai-oscar.com
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
[
[
  Version: V3
  Subject: CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo
  Limited, L=Salford, ST=Greater Manchester, C=GB
  Signature Algorithm: SHA384withRSA, OID = 1.2.840.113549.1.1.12

  Key:  Sun RSA public key, 2048 bits
  modulus: 2707180573126806842909443325387094110363011565654408398668855725009-
  6650002741356969068276793574297189996744882329828714710418422450500008985954-
  7577617496121791942629548382668972685324614714879350065367202724947863692950-
  6548598577541666555667918944127152997059694426465907604539750653401759688037-
  5081936227230390079744485923579156075147392924215968126808432802589158460341-
  5397355351622753934223539162832610697077442106086031635515941070361903023668-
  9283280167307192140185019423781500764172407522021523653709713413287865689576-
  8334289537403738520740616524362273323209296475725089291190047065303870231628-
  551068954108124949
  public exponent: 65537
  Validity: [From: Fri Nov 02 01:00:00 CET 2018,
               To: Wed Jan 01 00:59:59 CET 2031]
  Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network,
  L=Jersey City, ST=New Jersey, C=US
  SerialNumber: [    7d5b5126 b476ba11 db74160b bc530da7]

Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: caIssuers
   accessLocation: URIName: http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt
,
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp.usertrust.com
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 53 79 BF 5A AA 2B 4A CF   54 80 E1 D8 9B C0 9D F2  Sy.Z.+J.T.......
0010: B2 03 66 CB                                        ..f.
]
]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.5.29.32.0]
[]  ]
  [CertificatePolicyId: [2.23.140.1.2.1]
[]  ]
]

[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_CertSign
  Crl_Sign
]

[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 8D 8C 5E C4 54 AD 8A E1   77 E9 9B F9 9B 05 E1 B8  ..^.T...w.......
0010: 01 8D 61 E1                                        ..a.
]
]

]
  Algorithm: [SHA384withRSA]
  Signature:
0000: 32 BF 61 BD 0E 48 C3 4F   C7 BA 47 4D F8 9C 78 19  2.a..H.O..GM..x.
0010: 01 DC 13 1D 80 6F FC C3   70 B4 52 9A 31 33 9A 57  .....o..p.R.13.W
0020: 52 FB 31 9E 6B A4 EF 54   AA 89 8D 40 17 68 F8 11  R.1.k..T...@.h..
0030: 10 7C D2 CA B1 F1 55 86   C7 EE B3 36 91 86 F6 39  ......U....6...9
0040: 51 BF 46 BF 0F A0 BA B4   F7 7E 49 C4 2A 36 17 9E  Q.F.......I.*6..
0050: E4 68 39 7A AF 94 4E 56   6F B2 7B 3B BF 0A 86 BD  .h9z..NVo..;....
0060: CD C5 77 1C 03 B8 38 B1   A2 1F 5F 7E DB 8A DC 46  ..w...8..._....F
0070: 48 B6 68 0A CF B2 B5 B4   E2 34 E4 67 A9 38 66 09  H.h......4.g.8f.
0080: 5E D2 B8 FC 9D 28 3A 17   40 27 C2 72 4E 29 FD 21  ^....(:.@'.rN).!
0090: 3C 7C CF 13 FB 96 2C C5   31 44 FD 13 ED D5 9B A9  <.....,.1D......
00A0: 69 68 77 7C EE E1 FF A4   F9 36 38 08 53 39 A2 84  ihw......68.S9..
00B0: 34 9C 19 F3 BE 0E AC D5   24 37 EB 23 A8 78 D0 D3  4.......$7.#.x..
00C0: E7 EF 92 47 64 62 39 22   EF C6 F7 11 BE 22 85 C6  ...Gdb9"....."..
00D0: 66 44 24 26 8E 10 32 8D   C8 93 AE 07 9E 83 3E 2F  fD$&..2.......>/
00E0: D9 F9 F5 46 8E 63 BE C1   E6 B4 DC A6 CD 21 A8 86  ...F.c.......!..
00F0: 0A 95 D9 2E 85 26 1A FD   FC B1 B6 57 42 6D 95 D1  .....&.....WBm..
0100: 33 F6 39 14 06 82 41 38   F5 8F 58 DC 80 5B A4 D5  3.9...A8..X..[..
0110: 7D 95 78 FD A7 9B FF FD   C5 A8 69 AB 26 E7 A7 A4  ..x.......i.&...
0120: 05 87 5B A9 B7 B8 A3 20   0B 97 A9 45 85 DD B3 8B  ..[.... ...E....
0130: E5 89 37 8E 29 0D FC 06   17 F6 38 40 0E 42 E4 12  ..7.).....8@.B..
0140: 06 FB 7B F3 C6 11 68 62   DF E3 98 F4 13 D8 15 4F  ......hb.......O
0150: 8B B1 69 D9 10 60 BC 64   2A EA 31 B7 E4 B5 A3 3A  ..i..`.d*.1....:
0160: 14 9B 26 E3 0B 7B FD 02   8E B6 99 C1 38 97 59 36  ..&.........8.Y6
0170: F6 A8 74 A2 86 B6 5E EB   C6 64 EA CF A0 A3 F9 6E  ..t...^..d.....n
0180: 9E BA 2D 11 B6 86 98 08   58 2D C9 AC 25 64 F2 5E  ..-.....X-..%d.^
0190: 75 B4 38 C1 AE 7F 5A 46   83 EA 51 CA B6 F1 99 11  u.8...ZF..Q.....
01A0: 35 6B A5 6A 7B C6 00 B0   E7 F8 BE 64 B2 AD C8 C2  5k.j.......d....
01B0: F1 AC E3 51 EA A4 93 E0   79 C8 E1 81 40 C9 0A 5B  ...Q....y...@..[
01C0: E1 12 3C C1 60 2A E3 97   C0 89 42 CA 94 CF 46 98  ..<.`*....B...F.
01D0: 12 69 BB 98 D0 C2 D3 0D   72 4B 47 6E E5 93 C4 32  .i......rKGn...2
01E0: 28 63 87 43 E4 B0 32 3E   0A D3 4B BF 23 9B 14 29  (c.C..2>..K.#..)
01F0: 41 2B 9A 04 1F 93 2D F1   C7 39 48 3C AD 5A 12 7F  A+....-..9H<.Z..

]
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
[
[
  Version: V3
  Subject: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network,
  L=Jersey City, ST=New Jersey, C=US
  Signature Algorithm: SHA384withRSA, OID = 1.2.840.113549.1.1.12

  Key:  Sun RSA public key, 4096 bits
  modulus: 5224875836175250753424638853372254730460877230811567305870632150304-
  9610972993225326579926576629493202868635326491906158038504946483635695482910-
  5402248183391733854684450211900139329107087047502332675235340095978056484941-
  1504909918824975768393675601632752572720360494224733056424417934981609679070-
  3812049329478586886214244498859732498651976518712445283037551926184436739607-
  7186284797811937481089746704868620023056657703518830114050467515432464700561-
  9316990038333977342850323474943702765827790462727505464635599655227565162294-
  0469004576670678752402043541294872130642439399316922928946783449353316041305-
  6397476973792368174460238110091615871730381483443293300931137331198904539782-
  4559608864946938335611404723875782088442969174840752050196717387078450749056-
  1166823940633064441480569877940098720131090972591827061208433987227902090886-
  7861033880814315358914565703236337174308524328436716608021785644764836810087-
  0740123399365432282550341688640466886015755038017896487075603512401650661652-
  8096500723307621166963363838944952244335787954916390859401276232162251434099-
  8051396106368358204746516265702776221449060497686599696175189532242983987568-
  9164331027403865323784708363647074551347295483673731895509217569047773401537-
  19441907345834660183638543
  public exponent: 65537
  Validity: [From: Tue Mar 12 01:00:00 CET 2019,
               To: Mon Jan 01 00:59:59 CET 2029]
  Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford,
  ST=Greater Manchester, C=GB
  SerialNumber: [    3972443a f922b751 d7d36c10 dd313595]

Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp.comodoca.com
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: A0 11 0A 23 3E 96 F1 07   EC E2 AF 29 EF 82 A5 7F  ...#>......)....
0010: D0 30 A4 B4                                        .0..
]
]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.comodoca.com/AAACertificateServices.crl]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.5.29.32.0]
[]  ]
]

[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_CertSign
  Crl_Sign
]

[7]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 53 79 BF 5A AA 2B 4A CF   54 80 E1 D8 9B C0 9D F2  Sy.Z.+J.T.......
0010: B2 03 66 CB                                        ..f.
]
]

]
  Algorithm: [SHA384withRSA]
  Signature:
0000: 18 87 51 DC 74 21 3D 9C   8A E0 27 B7 33 D0 2E CC  ..Q.t!=...'.3...
0010: EC F0 E6 CB 5E 11 DE 22   6F 9B 75 8E 9E 72 FE E4  ....^.."o.u..r..
0020: D6 FE AA 1F 9C 96 2D EF   03 4A 7E AE F4 8D 6F 72  ......-..J....or
0030: 3C 43 3B C0 3F EB B8 DF   5C AA A9 C6 AE F2 FC D8  0040: EE A3 7B 43 F6 86 36 7C   14 E0 CD F4 F7 3F FE DE  ...C..6......?..
0050: B8 B4 8A F0 91 96 FE FD   43 64 7E FD CC D2 01 A1  ........Cd......
0060: 7D 7D F8 19 19 C9 42 2B   13 BF 58 8B BA A4 A2 66  ......B+..X....f
0070: 04 76 88 91 4E 0C 89 14   CE A2 4D C9 32 B3 BA E8  .v..N.....M.2...
0080: 14 1A BC 71 F1 5B F0 41   0B 98 00 0A 22 03 10 E5  ...q.[.A...."...
0090: 0C B1 F9 CD 92 37 19 ED   3B F1 E4 3A B6 F9 45 13  .....7..;..:..E.
00A0: 26 75 AF BB AA EF 3F 7B   77 3B D2 C4 02 91 3D 19  &u....?.w;....=.
00B0: 00 D3 17 5C 39 DB 3F 7B   18 0D 45 CD 93 85 96 2F  ...\9.?...E..../
00C0: 5D DF 59 16 4F 3F 51 BD   D5 45 18 3F ED 4A 8E E8  ].Y.O?Q..E.?.J..
00D0: 06 61 74 23 16 B5 0D 50   73 27 44 47 7F 10 5D 89  .at#...Ps'DG..].
00E0: 2A 6B 85 31 14 C4 E8 A9   6A 4C 80 BC 6A 78 CF B8  *k.1....jL..jx..
00F0: 7F 8E 76 72 99 0C 9D FE   D7 91 08 16 A1 A3 5F 95  ..vr.........._.

]
CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB
[
[
  Version: V3
  Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford,
  ST=Greater Manchester, C=GB
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 2048 bits
  modulus: 2401714177925845449677011083117539779839123882248876208820899607374-
  6727792529759826644425576105428262569575834000275344799367348759201528689158-
  9325523750268528345680438068663560114248161909121231630877930894728210598901-
  7018802623865064614336256363074476048173157750526263457449252599465729225478-
  6057881907268545451854983700842644467590540608599899407697606960402406169295-
  3999606485507524772553318112034581301574321965161971552796501362855192206170-
  9750707939207963379827342153032422881861280980852956887008939038443389543046-
  6053495838679653061898400120967289127069499396165616344939229144458098943168-
  723684207203200969
  public exponent: 65537
  Validity: [From: Thu Jan 01 01:00:00 CET 2004,
               To: Mon Jan 01 00:59:59 CET 2029]
  Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford,
  ST=Greater Manchester, C=GB
  SerialNumber: [    01]

Certificate Extensions: 4
[1]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

[2]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.comodoca.com/AAACertificateServices.crl]
, DistributionPoint:
     [URIName: http://crl.comodo.net/AAACertificateServices.crl]
]]

[3]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: A0 11 0A 23 3E 96 F1 07   EC E2 AF 29 EF 82 A5 7F  ...#>......)....
0010: D0 30 A4 B4                                        .0..
]
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 08 56 FC 02 F0 9B E8 FF   A4 FA D6 7B C6 44 80 CE  .V...........D..
0010: 4F C4 C5 F6 00 58 CC A6   B6 BC 14 49 68 04 76 E8  O....X.....Ih.v.
0020: E6 EE 5D EC 02 0F 60 D6   8D 50 18 4F 26 4E 01 E3  ..]...`..P.O&N..
0030: E6 B0 A5 EE BF BC 74 54   41 BF FD FC 12 B8 C7 4F  ......tTA......O
0040: 5A F4 89 60 05 7F 60 B7   05 4A F3 F6 F1 C2 BF C4  Z..`..`..J......
0050: B9 74 86 B6 2D 7D 6B CC   D2 F3 46 DD 2F C6 E0 6A  .t..-.k...F./..j
0060: C3 C3 34 03 2C 7D 96 DD   5A C2 0E A7 0A 99 C1 05  ..4.,...Z.......
0070: 8B AB 0C 2F F3 5C 3A CF   6C 37 55 09 87 DE 53 40  .../.\:.l7U...S@
0080: 6C 58 EF FC B6 AB 65 6E   04 F6 1B DC 3C E0 5A 15  lX....en....<.Z.
0090: C6 9E D9 F1 59 48 30 21   65 03 6C EC E9 21 73 EC  ....YH0!e.l..!s.
00A0: 9B 03 A1 E0 37 AD A0 15   18 8F FA BA 02 CE A7 2C  ....7..........,
00B0: A9 10 13 2C D4 E5 08 26   AB 22 97 60 F8 90 5E 74  ...,...&.".`..^t
00C0: D4 A2 9A 53 BD F2 A9 68   E0 A2 6E C2 D7 6C B1 A3  ...S...h..n..l..
00D0: 0F 9E BF EB 68 E7 56 F2   AE F2 E3 2B 38 3A 09 81  ....h.V....+8:..
00E0: B5 6B 85 D7 BE 2D ED 3F   1A B7 B2 63 E2 F5 62 2C  .k...-.?...c..b,
00F0: 82 D4 6A 00 41 50 F1 39   83 9F 95 E9 36 96 98 6E  ..j.AP.9....6..n

]

Connection Id	Index	Details	Date	Time (µs)	From	To	Proxy	Info
Number of results per page :
216	1	Details	3/20/23 2:38:31 PM (EDT GMT-0400)	908694	127.0.0.1 : 57370	51.222.92.164 : 443	1024	Hello

TLS/SSL connection

Connection details

Error stack trace

Details

Intercepted messages