For full functionality of this site it is necessary to enable JavaScript.
Here are the instructions how to enable JavaScript in your web browser.

Knowledge base

Find the answer to your question

Advanced Search PView

Search terms
Search Type
Product
Category
Language
Format
SDK
Sort by
Direction

How to make https call and debug SSL handshake?

  • Answer ID 5113
  • Published 02/25/2020 07:01 PM
  • Updated 02/25/2020 07:01 PM
  • Permalink https://ebaydts.com/eBayKBDetails?KBid=5113
Product
Here is a sample Https Java client to test and verify SSL connection.

Sample Java client code


HttpsClient
/**
 
 * Sample Java Https Client
 
 * To connect and read from Https Url
 
 */
 
public class JavaHttpsClient {
 
    public static void main(String[] args) throws Exception {
        // template httpsUrl path
        String httpsURL = "https://api.ebay.com/<path>";
        URL url = new URL(httpsURL);
 
        // make connection using Java APIs
        // reference Java doc
 
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
 
        // read the response
        InputStream inputStream = conn.getInputStream();
        InputStreamReader inputStreamReader = new InputStreamReader(inputStream);
        BufferedReader bufferedReader = new BufferedReader(inputStreamReader);
        String inputLine;

        while ((inputLine = bufferedReader.readLine()) != null) {
            //read the response
            System.out.println(inputLine);
        }
        bufferedReader.close();
    }
}

Using Open API specification

Here is a reference on how to create Https Clients using Open API spec with eBay public APIs.

Step 1: Download or use the link to Open API spec from eBay developers portal 

            Example : Open API spec for browse API https://developer.ebay.com/api-docs/master/buy/browse/openapi/2/buy_browse_v1_beta_oas2.json

Step 2: Use Swagger-codegen to generate client of your choice (https://swagger.io/tools/swagger-codegen/)

Reference command to generate code gen for Java Https Client for eBay Public APIs. 

Command line code generator 
curl -X POST -H "content-type:application/json" -d '{"swaggerUrl":"https://developer.ebay.com/api-docs/master/buy/browse/openapi/2/buy_browse_v1_beta_oas2.json"}' https://generator.swagger.io/api/gen/clients/java

you will get a downloadable link for the client code generated.

{"code":"c5e3bb5f-4262-4bd1-b050-c060d5f28671","link":"https://generator.swagger.io/api/gen/download/c5e3bb5f-4262-4bd1-b050-c060d5f28671"}


After generating client code, open file ApiClient.java to refer SSL connection setting. 


SSLsetting
/**
     * Apply SSL related settings to httpClient according to the current values of
     * verifyingSsl and sslCaCert.
     */
    private void applySslSettings() {
        try {
            TrustManager[] trustManagers = null;
            HostnameVerifier hostnameVerifier = null;
            if (!verifyingSsl) {
                TrustManager trustAll = new X509TrustManager() {
                    @Override
                    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
                    @Override
                    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {}
                    @Override
                    public X509Certificate[] getAcceptedIssuers() { return null; }
                };
                SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
                trustManagers = new TrustManager[]{ trustAll };
                hostnameVerifier = new HostnameVerifier() {
                    @Override
                    public boolean verify(String hostname, SSLSession session) { return true; }
                };
            else if (sslCaCert != null) {
                char[] password = null// Any password will work.
                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                Collection<? extends Certificate> certificates = certificateFactory.generateCertificates(sslCaCert);
                if (certificates.isEmpty()) {
                    throw new IllegalArgumentException("expected non-empty set of trusted certificates");
                }
                KeyStore caKeyStore = newEmptyKeyStore(password);
                int index = 0;
                for (Certificate certificate : certificates) {
                    String certificateAlias = "ca" + Integer.toString(index++);
                    caKeyStore.setCertificateEntry(certificateAlias, certificate);
                }
                TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
                trustManagerFactory.init(caKeyStore);
                trustManagers = trustManagerFactory.getTrustManagers();
            }
 
            if (keyManagers != null || trustManagers != null) {
                SSLContext sslContext = SSLContext.getInstance("TLS");
                sslContext.init(keyManagers, trustManagers, new SecureRandom());
                httpClient.setSslSocketFactory(sslContext.getSocketFactory());
            else {
                httpClient.setSslSocketFactory(null);
            }
            httpClient.setHostnameVerifier(hostnameVerifier);
        catch (GeneralSecurityException e) {
            throw new RuntimeException(e);
        }
    }

SSL information

Cipher Suite : TLS_RSA_WITH_AES_128_CBC_SHA

Cert Type : X.509

Cert Hash Code : 20803571

Cert Public Key Algorithm : RSA

Cert Public Key Format : X.509

Cert Type : X.509

Cert Hash Code : 13470995

Cert Public Key Algorithm : RSA

Cert Public Key Format : X.509

SSL handshake debug
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import java.security.cert.Certificate;
import java.util.Calendar;
import java.util.concurrent.TimeUnit;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLPeerUnverifiedException;
import org.apache.commons.lang3.time.StopWatch;

/**
 * Sample Java Https Client
 *
 * To connect and read from Https Url
 *
 * debug ssl using vm arg -Djavax.net.debug=ssl
 *
 */
 
public class JavaHttpsClient {
 
    static HttpsURLConnection conn = null;
 
    public static void main(String[] args) throws Exception {
 
        StopWatch watch = new StopWatch();
        for (int i = 0; i < 100; i++) {
            if (i == 50) {
                conn = null;
                TimeUnit.MINUTES.sleep(1);
            }

            // template httpsUrl path
            String httpsURL = "https://svcs.ebay.com/services/search/FindingService/v1";
            URL url = new URL(httpsURL);
            watch.reset();
            watch.start();

            // make connection using Java APIs
            // reference Java doc
 
            conn = (HttpsURLConnection) url.openConnection();
 
            // read the response
            System.err.println("*** start*****");
            System.err.println("Time taken for Cert loading: " + String.format("%s, %d, %s", Calendar.getInstance().getTime(), i, watch.toString()));
            print_https_cert(conn);
            print_content(conn);
            watch.stop();
 
            System.err.println("Time taken with Handshake: " + String.format("%s, %d , %s", Calendar.getInstance().getTime(), i, watch.toString()));
 
        }
    }
 
 
    private static void print_content(HttpsURLConnection con) {
 
        if (con != null) {
 
            try {

                System.out.println("****** Content of the URL ********");
                BufferedReader br = new BufferedReader(new InputStreamReader(con.getErrorStream()));
                String input;

                while ((input = br.readLine()) != null) {
                    System.out.println(input);
                }
                br.close();
 
            catch (IOException e) {
                e.printStackTrace();
            }
        }
    }
 
 
    private static void print_https_cert(HttpsURLConnection con) {

        if (con != null) {
            try {

                System.out.println("Response Code : " + con.getResponseCode());
                System.out.println("Cipher Suite : " + con.getCipherSuite());
                System.out.println("\n");
 
                Certificate[] certs = con.getServerCertificates();

                for (Certificate cert : certs) {

                    System.out.println("Cert Type : " + cert.getType());
                    System.out.println("Cert Hash Code : " + cert.hashCode());
                    System.out.println("Cert Public Key Algorithm : " + cert.getPublicKey().getAlgorithm());
                    System.out.println("Cert Public Key Format : " + cert.getPublicKey().getFormat());
                    System.out.println("\n");
 
                }

            catch (SSLPeerUnverifiedException e) {
                e.printStackTrace();
            catch (IOException e) {
                e.printStackTrace();
            }

        }
    }
 
}


Sample response with ssl debug :

SSL debug response

keyStore is : 

keyStore type is : jks

keyStore provider is : 

init keystore

init keymanager of type SunX509

trustStore is: /Users/dvijayan/Downloads/ride-5.2.1-mac64/OracleJDK-1.7.0_79_2/Contents/Home/jre/lib/security/cacerts

trustStore type is : jks

trustStore provider is : 

init truststore

adding as trusted cert:

 Subject: CN=eBay Inc. INTERMEDIATE, O=eBay Inc, C=US

 Issuer:  CN=eBay Inc. ROOT, O=eBay Inc, C=US

 Algorithm: RSA; Serial number: 0x61055f9c000000000003

Valid from Tue Jun 14 14:34:50 PDT 2011 until Wed Jun 14 14:44:50 PDT 2017

   adding as trusted cert:

   Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

   Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH

  Algorithm: RSA; Serial number: 0x4eb200670c035d4f

  Valid from Wed Oct 25 01:36:00 PDT 2006 until Sat Oct 25 01:36:00 PDT 2036

  adding as trusted cert:

  Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Issuer:  EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Algorithm: RSA; Serial number: 0x1

  Valid from Fri Jun 25 15:23:48 PDT 1999 until Tue Jun 25 15:23:48 PDT 2019


adding as trusted cert:

  Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US

  Issuer:  CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US

  Algorithm: RSA; Serial number: 0x344ed55720d5edec49f42fce37db2b6d

  Valid from Thu Nov 16 16:00:00 PST 2006 until Wed Jul 16 16:59:59 PDT 2036


adding as trusted cert:

  Subject: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US

  Issuer:  CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US

  Algorithm: RSA; Serial number: 0x456b5054

  Valid from Mon Nov 27 12:23:42 PST 2006 until Fri Nov 27 12:53:42 PST 2026


adding as trusted cert:

  Subject: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR

  Issuer:  CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR

  Algorithm: RSA; Serial number: 0x1121bc276c5547af584eefd4ced629b2a285

  Valid from Mon May 25 17:00:00 PDT 2009 until Mon May 25 17:00:00 PDT 2020


adding as trusted cert:

  Subject: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU

  Issuer:  CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU

  Algorithm: RSA; Serial number: 0xc9cdd3e9d57d23ce

  Valid from Fri Aug 01 05:31:40 PDT 2008 until Sat Jul 31 05:31:40 PDT 2038


adding as trusted cert:

  Subject: CN=America Online Root Certification Authority 2, O=America Online Inc., C=US

  Issuer:  CN=America Online Root Certification Authority 2, O=America Online Inc., C=US

  Algorithm: RSA; Serial number: 0x1

  Valid from Mon May 27 23:00:00 PDT 2002 until Tue Sep 29 07:08:00 PDT 2037


adding as trusted cert:

  Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE

  Issuer:  CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE

  Algorithm: RSA; Serial number: 0x1

  Valid from Tue May 30 03:44:50 PDT 2000 until Sat May 30 03:44:50 PDT 2020


adding as trusted cert:

  Subject: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM

  Issuer:  CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM

  Algorithm: RSA; Serial number: 0x3ab6508b

  Valid from Mon Mar 19 10:33:33 PST 2001 until Wed Mar 17 11:33:33 PDT 2021


adding as trusted cert:

  Subject: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH

  Issuer:  CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH

  Algorithm: RSA; Serial number: 0x4f1bd42f54bb2f4b

  Valid from Wed Oct 25 01:32:46 PDT 2006 until Sat Oct 25 01:32:46 PDT 2036


adding as trusted cert:

  Subject: OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP

  Issuer:  OU=Security Communication EV RootCA1, O="SECOM Trust Systems CO.,LTD.", C=JP

  Algorithm: RSA; Serial number: 0x0

  Valid from Tue Jun 05 19:12:32 PDT 2007 until Fri Jun 05 19:12:32 PDT 2037


adding as trusted cert:

  Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US

  Issuer:  CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US

  Algorithm: RSA; Serial number: 0x1

  Valid from Sun Jun 20 21:00:00 PDT 1999 until Sat Jun 20 21:00:00 PDT 2020


adding as trusted cert:

  Subject: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH

  Issuer:  CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH

  Algorithm: RSA; Serial number: 0xbb401c43f55e4fb0

  Valid from Wed Oct 25 01:30:35 PDT 2006 until Sat Oct 25 01:30:35 PDT 2036


adding as trusted cert:

  Subject: CN=emea-802ca-01, DC=corp, DC=ebay, DC=com

  Issuer:  CN=eBay Inc. INTERMEDIATE, O=eBay Inc, C=US

  Algorithm: RSA; Serial number: 0x610331bf000000000008

  Valid from Thu Oct 11 13:19:46 PDT 2007 until Sat Jan 12 15:44:42 PST 2013


adding as trusted cert:

  Subject: EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA

  Issuer:  EMAILADDRESS=personal-freemail@thawte.com, CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA

  Algorithm: RSA; Serial number: 0x123df0e7da2a2247a43889e08aeec967

  Valid from Sun Dec 31 16:00:00 PST 1995 until Fri Jan 01 15:59:59 PST 2021


adding as trusted cert:

  Subject: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US

  Issuer:  CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US

  Algorithm: RSA; Serial number: 0x600197b746a7eab4b49ad64b2ff790fb

  Valid from Tue Apr 01 17:00:00 PDT 2008 until Tue Dec 01 15:59:59 PST 2037


adding as trusted cert:

  Subject: CN=emea-sslca-01, DC=corp, DC=ebay, DC=com

  Issuer:  CN=eBay Inc. INTERMEDIATE, O=eBay Inc, C=US

  Algorithm: RSA; Serial number: 0x610364d5000000000009

  Valid from Thu Oct 11 13:19:59 PDT 2007 until Sat Jan 12 15:44:42 PST 2013


adding as trusted cert:

  Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US

  Issuer:  CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US

  Algorithm: RSA; Serial number: 0x1a5

  Valid from Wed Aug 12 17:29:00 PDT 1998 until Mon Aug 13 16:59:00 PDT 2018


adding as trusted cert:

  Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE

  Issuer:  CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE

  Algorithm: RSA; Serial number: 0x20000b9

  Valid from Fri May 12 11:46:00 PDT 2000 until Mon May 12 16:59:00 PDT 2025


adding as trusted cert:

  Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

  Issuer:  OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x3f691e819cf09a4af373ffb948a2e4dd

  Valid from Sun Jan 28 16:00:00 PST 1996 until Wed Aug 02 16:59:59 PDT 2028


adding as trusted cert:

  Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

  Issuer:  CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

  Algorithm: RSA; Serial number: 0x2ac5c266a0b409b8f0b79f2ae462577

  Valid from Thu Nov 09 16:00:00 PST 2006 until Sun Nov 09 16:00:00 PST 2031


adding as trusted cert:

  Subject: CN=eBay Inc. INTERMEDIATE, O=eBay Inc, C=US

  Issuer:  CN=eBay Inc. ROOT, O=eBay Inc, C=US

  Algorithm: RSA; Serial number: 0x613b545a000000000002

  Valid from Fri Jan 12 15:34:42 PST 2007 until Sat Jan 12 15:44:42 PST 2013


adding as trusted cert:

  Subject: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM

  Issuer:  CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM

  Algorithm: RSA; Serial number: 0x509

  Valid from Fri Nov 24 10:27:00 PST 2006 until Mon Nov 24 10:23:33 PST 2031


adding as trusted cert:

  Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE

  Issuer:  CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE

  Algorithm: RSA; Serial number: 0x20000bf

  Valid from Wed May 17 07:01:00 PDT 2000 until Sat May 17 16:59:00 PDT 2025


adding as trusted cert:

  Subject: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE

  Issuer:  CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE

  Algorithm: RSA; Serial number: 0x1

  Valid from Wed Oct 01 03:29:56 PDT 2008 until Sat Oct 01 16:59:59 PDT 2033


adding as trusted cert:

  Subject: CN=amer-sslca-01, DC=corp, DC=ebay, DC=com

  Issuer:  CN=eBay Inc. INTERMEDIATE, O=eBay Inc, C=US

  Algorithm: RSA; Serial number: 0x61030938000000000005

  Valid from Tue Jan 16 16:50:06 PST 2007 until Sat Jan 12 15:44:42 PST 2013


adding as trusted cert:

  Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net

  Issuer:  CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net

  Algorithm: RSA; Serial number: 0x3863def8

  Valid from Fri Dec 24 09:50:51 PST 1999 until Tue Jul 24 07:15:12 PDT 2029


adding as trusted cert:

  Subject: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE

  Issuer:  CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, O=TC TrustCenter GmbH, C=DE

  Algorithm: RSA; Serial number: 0x5c00001000241d0060a4dce7510

  Valid from Thu Mar 23 06:10:23 PST 2006 until Wed Dec 31 14:59:59 PST 2025


adding as trusted cert:

  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

  Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf

  Valid from Sun May 17 17:00:00 PDT 1998 until Tue Aug 01 16:59:59 PDT 2028


adding as trusted cert:

  Subject: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US

  Issuer:  CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US

  Algorithm: EC; Serial number: 0x35fc265cd9844fc93d263d579baed756

  Valid from Sun Nov 04 16:00:00 PST 2007 until Mon Jan 18 15:59:59 PST 2038


adding as trusted cert:

  Subject: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

  Issuer:  EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

  Algorithm: RSA; Serial number: 0x34a4fff630af4ca53c331742a1946675

  Valid from Wed Jul 31 17:00:00 PDT 1996 until Fri Jan 01 15:59:59 PST 2021


adding as trusted cert:

  Subject: CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE

  Issuer:  CN=Deutsche Telekom Root CA 2, OU=T-TeleSec Trust Center, O=Deutsche Telekom AG, C=DE

  Algorithm: RSA; Serial number: 0x26

  Valid from Fri Jul 09 05:11:00 PDT 1999 until Tue Jul 09 16:59:00 PDT 2019


adding as trusted cert:

  Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US

  Issuer:  CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US

  Algorithm: RSA; Serial number: 0x374ad243

  Valid from Tue May 25 09:09:40 PDT 1999 until Sat May 25 09:39:40 PDT 2019


adding as trusted cert:

  Subject: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US

  Issuer:  CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US

  Algorithm: RSA; Serial number: 0x1

  Valid from Wed Mar 03 21:00:00 PST 2004 until Sat Mar 03 21:00:00 PST 2029


adding as trusted cert:

  Subject: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE

  Issuer:  CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, O=TC TrustCenter GmbH, C=DE

  Algorithm: RSA; Serial number: 0x1da200010002ecb76080788db606

  Valid from Wed Mar 22 07:54:28 PST 2006 until Wed Dec 31 14:59:59 PST 2025


adding as trusted cert:

  Subject: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE

  Issuer:  CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE

  Algorithm: RSA; Serial number: 0x1

  Valid from Wed Oct 01 03:40:14 PDT 2008 until Sat Oct 01 16:59:59 PDT 2033


adding as trusted cert:

  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Issuer:  CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57

  Valid from Thu Sep 30 17:00:00 PDT 1999 until Wed Jul 16 16:59:59 PDT 2036


adding as trusted cert:

  Subject: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Issuer:  EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network

  Algorithm: RSA; Serial number: 0x1

  Valid from Fri Jun 25 17:19:54 PDT 1999 until Tue Jun 25 17:19:54 PDT 2019


adding as trusted cert:

  Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

  Issuer:  CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

  Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a

  Valid from Thu Nov 09 16:00:00 PST 2006 until Sun Nov 09 16:00:00 PST 2031


adding as trusted cert:

  Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE

  Issuer:  CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE

  Algorithm: RSA; Serial number: 0x1

  Valid from Tue May 30 03:38:31 PDT 2000 until Sat May 30 03:38:31 PDT 2020


adding as trusted cert:

  Subject: CN=AMER-SSLCA-02, DC=corp, DC=ebay, DC=com

  Issuer:  CN=eBay Inc. INTERMEDIATE, O=eBay Inc, C=US

  Algorithm: RSA; Serial number: 0x6107f71f000100000016

  Valid from Mon Sep 26 10:50:53 PDT 2011 until Wed Jun 14 14:44:50 PDT 2017


adding as trusted cert:

  Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE

  Issuer:  CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE

  Algorithm: RSA; Serial number: 0x1

  Valid from Tue May 30 03:48:38 PDT 2000 until Sat May 30 03:48:38 PDT 2020


adding as trusted cert:

  Subject: CN=Class 2 Primary CA, O=Certplus, C=FR

  Issuer:  CN=Class 2 Primary CA, O=Certplus, C=FR

  Algorithm: RSA; Serial number: 0x85bd4bf3d8dae369f694d75fc3a54423

  Valid from Wed Jul 07 10:05:00 PDT 1999 until Sat Jul 06 16:59:59 PDT 2019


adding as trusted cert:

  Subject: CN=eBay Root CA, O=eBay Inc, C=us

  Issuer:  CN=eBay Root CA, O=eBay Inc, C=us

  Algorithm: RSA; Serial number: 0x4500888247008e884cd02d71a035810e

  Valid from Thu Sep 24 12:00:53 PDT 2015 until Mon Sep 24 12:08:04 PDT 2035


adding as trusted cert:

  Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US

  Issuer:  OU=Equifax Secure Certificate Authority, O=Equifax, C=US

  Algorithm: RSA; Serial number: 0x35def4cf

  Valid from Sat Aug 22 09:41:51 PDT 1998 until Wed Aug 22 09:41:51 PDT 2018


adding as trusted cert:

  Subject: CN=amer-802ca-01, DC=corp, DC=ebay, DC=com

  Issuer:  CN=eBay Inc. INTERMEDIATE, O=eBay Inc, C=US

  Algorithm: RSA; Serial number: 0x6102f301000000000003

  Valid from Tue Jan 16 16:50:00 PST 2007 until Sat Jan 12 15:44:42 PST 2013


adding as trusted cert:

  Subject: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU

  Issuer:  CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU

  Algorithm: RSA; Serial number: 0xa3da427ea4b1aeda

  Valid from Fri Aug 01 05:29:50 PDT 2008 until Sat Jul 31 05:29:50 PDT 2038


adding as trusted cert:

  Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Issuer:  CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a

  Valid from Thu Sep 30 17:00:00 PDT 1999 until Wed Jul 16 16:59:59 PDT 2036


adding as trusted cert:

  Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB

  Issuer:  CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB

  Algorithm: RSA; Serial number: 0x1

  Valid from Wed Dec 31 16:00:00 PST 2003 until Sun Dec 31 15:59:59 PST 2028


adding as trusted cert:

  Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US

  Issuer:  CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US

  Algorithm: RSA; Serial number: 0x4

  Valid from Sun Jun 20 21:00:00 PDT 1999 until Sat Jun 20 21:00:00 PDT 2020


adding as trusted cert:

  Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

  Issuer:  OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US

  Algorithm: RSA; Serial number: 0x0

  Valid from Tue Jun 29 10:39:16 PDT 2004 until Thu Jun 29 10:39:16 PDT 2034


adding as trusted cert:

  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

  Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192

  Valid from Sun May 17 17:00:00 PDT 1998 until Tue Aug 01 16:59:59 PDT 2028


adding as trusted cert:

  Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

  Issuer:  CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

  Algorithm: RSA; Serial number: 0xce7e0e517d846fe8fe560fc1bf03039

  Valid from Thu Nov 09 16:00:00 PST 2006 until Sun Nov 09 16:00:00 PST 2031


adding as trusted cert:

  Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE

  Issuer:  CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE

  Algorithm: RSA; Serial number: 0x40000000001154b5ac394

  Valid from Tue Sep 01 05:00:00 PDT 1998 until Fri Jan 28 04:00:00 PST 2028


adding as trusted cert:

  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

  Issuer:  OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6

  Valid from Sun May 17 17:00:00 PDT 1998 until Tue Aug 01 16:59:59 PDT 2028


adding as trusted cert:

  Subject: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM

  Issuer:  CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM

  Algorithm: RSA; Serial number: 0x5c6

  Valid from Fri Nov 24 11:11:23 PST 2006 until Mon Nov 24 11:06:44 PST 2031


adding as trusted cert:

  Subject: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL

  Issuer:  CN=Certum CA, O=Unizeto Sp. z o.o., C=PL

  Algorithm: RSA; Serial number: 0x10020

  Valid from Tue Jun 11 03:46:39 PDT 2002 until Fri Jun 11 03:46:39 PDT 2027


adding as trusted cert:

  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2

  Issuer:  CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2

  Algorithm: RSA; Serial number: 0x400000000010f8626e60d

  Valid from Fri Dec 15 00:00:00 PST 2006 until Wed Dec 15 00:00:00 PST 2021


adding as trusted cert:

  Subject: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

  Issuer:  EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA

  Algorithm: RSA; Serial number: 0x36122296c5e338a520a1d25f4cd70954

  Valid from Wed Jul 31 17:00:00 PDT 1996 until Fri Jan 01 15:59:59 PST 2021


adding as trusted cert:

  Subject: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU

  Issuer:  CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU

  Algorithm: RSA; Serial number: 0x0

  Valid from Tue Sep 30 09:13:43 PDT 2003 until Wed Sep 30 09:13:44 PDT 2037


adding as trusted cert:

  Subject: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US

  Issuer:  CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US

  Algorithm: RSA; Serial number: 0x4a538c28

  Valid from Tue Jul 07 10:25:54 PDT 2009 until Sat Dec 07 09:55:54 PST 2030


adding as trusted cert:

  Subject: CN=eBay Inc. ROOT, O=eBay Inc, C=US

  Issuer:  CN=eBay Inc. ROOT, O=eBay Inc, C=US

  Algorithm: RSA; Serial number: 0x668976c845fd1ea54e0b7d5c9f5911eb

  Valid from Fri Jan 12 14:16:55 PST 2007 until Sat Jan 12 14:23:12 PST 2019


adding as trusted cert:

  Subject: CN=Class 3P Primary CA, O=Certplus, C=FR

  Issuer:  CN=Class 3P Primary CA, O=Certplus, C=FR

  Algorithm: RSA; Serial number: 0xbf5cdbb6f21c6ec04deb7a023b36e879

  Valid from Wed Jul 07 10:10:00 PDT 1999 until Sat Jul 06 16:59:59 PDT 2019


adding as trusted cert:

  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Issuer:  CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x18dad19e267de8bb4a2158cdcc6b3b4a

  Valid from Tue Nov 07 16:00:00 PST 2006 until Wed Jul 16 16:59:59 PDT 2036


adding as trusted cert:

  Subject: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Issuer:  CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x401ac46421b31321030ebbe4121ac51d

  Valid from Tue Apr 01 17:00:00 PDT 2008 until Tue Dec 01 15:59:59 PST 2037


adding as trusted cert:

  Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US

  Issuer:  CN=GeoTrust Global CA, O=GeoTrust Inc., C=US

  Algorithm: RSA; Serial number: 0x23456

  Valid from Mon May 20 21:00:00 PDT 2002 until Fri May 20 21:00:00 PDT 2022


adding as trusted cert:

  Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

  Issuer:  OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be

  Valid from Sun Jan 28 16:00:00 PST 1996 until Wed Aug 02 16:59:59 PDT 2028


adding as trusted cert:

  Subject: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

  Issuer:  CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL

  Algorithm: RSA; Serial number: 0x444c0

  Valid from Wed Oct 22 05:07:37 PDT 2008 until Mon Dec 31 04:07:37 PST 2029


adding as trusted cert:

  Subject: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP

  Issuer:  OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP

  Algorithm: RSA; Serial number: 0x0

  Valid from Mon Sep 29 21:20:49 PDT 2003 until Fri Sep 29 21:20:49 PDT 2023


adding as trusted cert:

  Subject: CN=Sonera Class1 CA, O=Sonera, C=FI

  Issuer:  CN=Sonera Class1 CA, O=Sonera, C=FI

  Algorithm: RSA; Serial number: 0x24

  Valid from Fri Apr 06 03:49:13 PDT 2001 until Tue Apr 06 03:49:13 PDT 2021


adding as trusted cert:

  Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US

  Issuer:  OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US

  Algorithm: RSA; Serial number: 0x0

  Valid from Tue Jun 29 10:06:20 PDT 2004 until Thu Jun 29 10:06:20 PDT 2034


adding as trusted cert:

  Subject: CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Issuer:  CN=UTN-USERFirst-Client Authentication and Email, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Algorithm: RSA; Serial number: 0x44be0c8b500024b411d336252567c989

  Valid from Fri Jul 09 10:28:50 PDT 1999 until Tue Jul 09 10:36:58 PDT 2019


adding as trusted cert:

  Subject: CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Issuer:  CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362afe650afd

  Valid from Fri Jul 09 11:10:42 PDT 1999 until Tue Jul 09 11:19:22 PDT 2019


adding as trusted cert:

  Subject: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US

  Issuer:  CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US

  Algorithm: RSA; Serial number: 0x18acb56afd69b6153a636cafdafac4a1

  Valid from Sun Nov 26 16:00:00 PST 2006 until Wed Jul 16 16:59:59 PDT 2036


adding as trusted cert:

  Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3

  Issuer:  CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3

  Algorithm: RSA; Serial number: 0x4000000000121585308a2

  Valid from Wed Mar 18 03:00:00 PDT 2009 until Sun Mar 18 03:00:00 PDT 2029


adding as trusted cert:

  Subject: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US

  Issuer:  CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US

  Algorithm: EC; Serial number: 0x3cb2f4480a00e2feeb243b5e603ec36b

  Valid from Sun Nov 04 16:00:00 PST 2007 until Mon Jan 18 15:59:59 PST 2038


adding as trusted cert:

  Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Issuer:  CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4

  Valid from Thu Sep 30 17:00:00 PDT 1999 until Wed Jul 16 16:59:59 PDT 2036


adding as trusted cert:

  Subject: CN=America Online Root Certification Authority 1, O=America Online Inc., C=US

  Issuer:  CN=America Online Root Certification Authority 1, O=America Online Inc., C=US

  Algorithm: RSA; Serial number: 0x1

  Valid from Mon May 27 23:00:00 PDT 2002 until Thu Nov 19 12:43:00 PST 2037


adding as trusted cert:

  Subject: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP

  Issuer:  OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP

  Algorithm: RSA; Serial number: 0x0

  Valid from Thu May 28 22:00:39 PDT 2009 until Mon May 28 22:00:39 PDT 2029


adding as trusted cert:

  Subject: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA

  Issuer:  CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA

  Algorithm: RSA; Serial number: 0x0

  Valid from Tue Dec 31 16:00:00 PST 1996 until Thu Dec 31 15:59:59 PST 2020


adding as trusted cert:

  Subject: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US

  Issuer:  CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US

  Algorithm: RSA; Serial number: 0x15ac6e9419b2794b41f627a9c3180f1f

  Valid from Tue Apr 01 17:00:00 PDT 2008 until Tue Dec 01 15:59:59 PST 2037


adding as trusted cert:

  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Issuer:  CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

  Algorithm: EC; Serial number: 0x2f80fe238c0e220f486712289187acb3

  Valid from Sun Nov 04 16:00:00 PST 2007 until Mon Jan 18 15:59:59 PST 2038


adding as trusted cert:

  Subject: CN=eBay SSL CA v2 - A, O=eBay Inc, C=US

  Issuer:  CN=eBay Root CA, O=eBay Inc, C=us

  Algorithm: RSA; Serial number: 0x6800000004b4491dd58df45b9b000000000004

  Valid from Wed Oct 14 11:35:33 PDT 2015 until Wed Oct 14 11:45:33 PDT 2020


adding as trusted cert:

  Subject: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Issuer:  CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362de0b35f1b

  Valid from Fri Jul 09 11:31:20 PDT 1999 until Tue Jul 09 11:40:36 PDT 2019


adding as trusted cert:

  Subject: CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Issuer:  CN=UTN - DATACorp SGC, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US

  Algorithm: RSA; Serial number: 0x44be0c8b500021b411d32a6806a9ad69

  Valid from Thu Jun 24 11:57:21 PDT 1999 until Mon Jun 24 12:06:30 PDT 2019


adding as trusted cert:

  Subject: CN=Sonera Class2 CA, O=Sonera, C=FI

  Issuer:  CN=Sonera Class2 CA, O=Sonera, C=FI

  Algorithm: RSA; Serial number: 0x1d

  Valid from Fri Apr 06 00:29:40 PDT 2001 until Tue Apr 06 00:29:40 PDT 2021


adding as trusted cert:

  Subject: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE

  Issuer:  CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, O=TC TrustCenter GmbH, C=DE

  Algorithm: RSA; Serial number: 0x2e6a000100021fd752212c115c3b

  Valid from Thu Jan 12 06:38:43 PST 2006 until Wed Dec 31 14:59:59 PST 2025


trigger seeding of SecureRandom

done seeding SecureRandom

*** start*****

Time taken for Cert loading: Thu Nov 14 15:00:02 PST 2019, 0, 0:00:00.234

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256

Allow unsafe renegotiation: false

Allow legacy hello messages: true

Is initial handshake: true

Is secure renegotiation: false

main, setSoTimeout(0) called

%% No cached client session

*** ClientHello, TLSv1

RandomCookie:  GMT: 1556929650 bytes = { 202, 1, 61, 51, 100, 130, 137, 98, 94, 25, 40, 7, 111, 17, 30, 68, 117, 193, 151, 120, 97, 25, 89, 248, 61, 98, 62, 246 }

Session ID:  {}

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

Compression Methods:  { 0 }

Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

Extension ec_point_formats, formats: [uncompressed]

Extension server_name, server_name: [host_name: svcs.ebay.com]

***

main, WRITE: TLSv1 Handshake, length = 185

main, READ: TLSv1 Handshake, length = 2859

*** ServerHello, TLSv1

RandomCookie:  GMT: 1556929650 bytes = { 176, 89, 5, 55, 161, 169, 82, 151, 156, 53, 230, 146, 92, 40, 204, 199, 24, 199, 124, 26, 64, 12, 216, 10, 222, 217, 131, 208 }

Session ID:  {49, 50, 234, 86, 157, 52, 190, 216, 98, 42, 119, 111, 162, 31, 83, 194, 127, 172, 165, 131, 231, 85, 61, 192, 46, 247, 226, 31, 107, 112, 31, 94}

Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA

Compression Method: 0

Extension renegotiation_info, renegotiated_connection: <empty>

***

%% Initialized:  [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]

** TLS_RSA_WITH_AES_128_CBC_SHA

*** Certificate chain

chain [0] = [

[

  Version: V3

  Subject: CN=svcs.ebay.com, OU=Site Operations, O="eBay, Inc.", L=San Jose, ST=California, C=US

  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11


  Key:  Sun RSA public key, 2048 bits

  modulus: 24875480757271358822157074345155834907896960333859714554092391454193065745440765464395653930349957186246235096598927827352805176060265678917228207802850147689842376236961947168244359820720660214127309322995714857664944721303432602922056910137218521678132097473212450910721542662632167805831906812707621234409723908685269952140340068596838774620866220427558828613497943173475096788894545659865706776957265830573383650522287379377733151553831086872215851121770705045866827903231168438934641519364925509740896387146208226283645296800928951516520472846182617923111037820042469516959243949956210850583915995858600815529911

  public exponent: 65537

  Validity: [From: Sun Jun 30 17:00:00 PDT 2019,

               To: Fri Jul 24 05:00:00 PDT 2020]

  Issuer: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US

  SerialNumber: [    0cc5ce29 6be514ae 44315bbf 9525fae7]


Certificate Extensions: 10

[1]: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false

Extension unknown: DER encoded OCTET string =

0000: 04 81 F4 04 81 F1 00 EF   00 75 00 EE 4B BD B7 75  .........u..K..u

0010: CE 60 BA E1 42 69 1F AB   E1 9E 66 A3 0F 7E 5F B0  .`..Bi....f..._.

0020: 72 D8 83 00 C4 7B 89 7A   A8 FD CB 00 00 01 6B AB  r......z......k.

0030: C7 37 65 00 00 04 03 00   46 30 44 02 20 68 D5 CD  .7e.....F0D. h..

0040: DE 10 FB 4F E3 70 50 87   9A D4 A9 32 C5 D4 A2 FD  ...O.pP....2....

0050: DA 00 BB 56 8D 73 D5 B5   8D 48 98 B7 CE 02 20 76  ...V.s...H.... v

0060: 3D 57 6C FA 9B B2 27 61   2D E9 DB EE D2 0E B2 DE  =Wl...'a-.......

0070: 46 5A 65 C7 0B EE 9D 7E   97 58 CC 2C B1 6B EC 00  FZe......X.,.k..

0080: 76 00 87 75 BF E7 59 7C   F8 8C 43 99 5F BD F3 6E  v..u..Y...C._..n

0090: FF 56 8D 47 56 36 FF 4A   B5 60 C1 B4 EA FF 5E A0  .V.GV6.J.`....^.

00A0: 83 0F 00 00 01 6B AB C7   37 9E 00 00 04 03 00 47  .....k..7......G

00B0: 30 45 02 20 71 0D 14 C0   64 D5 E3 DA F6 1E 55 92  0E. q...d.....U.

00C0: B6 E9 22 8B 16 7B A3 D7   A1 84 C4 73 0A F3 42 55  .."........s..BU

00D0: F0 8E 6D EF 02 21 00 C7   90 6B CC AE 98 F2 F8 59  ..m..!...k.....Y

00E0: E2 43 99 05 5D 63 49 EF   D9 00 D1 AE 0A 28 19 48  .C..]cI......(.H

00F0: 23 82 EC C0 90 9C 56                               #.....V



[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false

AuthorityInfoAccess [

  [

   accessMethod: ocsp

   accessLocation: URIName: http://ocsp.digicert.com

   accessMethod: caIssuers

   accessLocation: URIName: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt

]

]


[3]: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

0000: 0F 80 61 1C 82 31 61 D5   2F 28 E7 8D 46 38 B4 2C  ..a..1a./(..F8.,

0010: E1 C6 D9 E2                                        ....

]

]


[4]: ObjectId: 2.5.29.19 Criticality=false

BasicConstraints:[

  CA:false

  PathLen: undefined

]


[5]: ObjectId: 2.5.29.31 Criticality=false

CRLDistributionPoints [

  [DistributionPoint:

     [URIName: http://crl3.digicert.com/ssca-sha2-g6.crl]

, DistributionPoint:

     [URIName: http://crl4.digicert.com/ssca-sha2-g6.crl]

]]


[6]: ObjectId: 2.5.29.32 Criticality=false

CertificatePolicies [

  [CertificatePolicyId: [2.16.840.1.114412.1.1]

[PolicyQualifierInfo: [

  qualifierID: 1.3.6.1.5.5.7.2.1

  qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 64 69  ..https://www.di

0010: 67 69 63 65 72 74 2E 63   6F 6D 2F 43 50 53        gicert.com/CPS

]]  ]

  [CertificatePolicyId: [2.23.140.1.2.2]

[]  ]

]

[7]: ObjectId: 2.5.29.37 Criticality=false

ExtendedKeyUsages [

  serverAuth

  clientAuth

]


[8]: ObjectId: 2.5.29.15 Criticality=true

KeyUsage [

  DigitalSignature

  Key_Encipherment

]


[9]: ObjectId: 2.5.29.17 Criticality=false

SubjectAlternativeName [

  DNSName: svcs.ebay.com

]


[10]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: AD AA 16 E1 EB 25 10 07   B7 AC C8 5F 57 FE 13 CC  .....%....._W...

0010: B3 71 6A 6C                                        .qjl

]

]


]

  Algorithm: [SHA256withRSA]

  Signature:

0000: 13 9B 46 90 D9 41 53 C9   1E 5C E8 6D 4B 8D 48 80  ..F..AS..\.mK.H.

0010: 25 B4 22 6A 39 4F 7D 08   F7 F3 C2 31 A3 DB 4E 47  %."j9O.....1..NG

0020: 49 A1 32 01 C3 33 21 27   8A B7 DF 44 66 A5 E8 6D  I.2..3!'...Df..m

0030: AB 09 72 A2 06 DC A4 FC   B8 1D 49 54 BD C4 A1 45  ..r.......IT...E

0040: F8 30 D9 02 B8 1B D8 0B   3B 32 31 6D 32 D6 EE 75  .0......;21m2..u

0050: 7A F2 A4 67 53 DC 2E 7E   6D 37 93 43 58 36 C0 C5  z..gS...m7.CX6..

0060: 50 BB 72 D8 3C BC C2 3A   76 9D 49 F2 56 52 A9 DB  P.r.<..:v.I.VR..

0070: 19 AD F6 8B B3 43 62 A6   FE 06 CC 6A 1B 29 C1 85  .....Cb....j.)..

0080: F3 AF BD 26 94 01 6A A3   34 96 0F 86 7C 8F 18 ED  ...&..j.4.......

0090: 5A D8 DC F1 F2 9C D4 51   28 63 43 3B 5A C4 BA 55  Z......Q(cC;Z..U

00A0: 47 9D 32 BE 19 3B FF E3   0C 5D A3 08 9C 31 CD 0E  G.2..;...]...1..

00B0: D4 F7 A6 F9 CC 32 86 97   AB CD 98 8F E4 8D 8D B9  .....2..........

00C0: 06 12 99 D7 AA DA 9A BA   B6 12 02 B7 21 71 5D 88  ............!q].

00D0: 7A 3F 74 1A E2 BD 84 73   9E 3C D4 8F C9 E0 64 5F  z?t....s.<....d_

00E0: 67 81 D6 B5 10 6A 1F FA   E4 C7 18 D7 4E 35 8A 53  g....j......N5.S

00F0: 4C 09 26 27 67 4F 2E AF   54 70 85 95 74 53 A1 BF  L.&'gO..Tp..tS..


]

chain [1] = [

[

  Version: V3

  Subject: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US

  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11


  Key:  Sun RSA public key, 2048 bits

  modulus: 27858400285679723188777933283712642951289579686400775596360785472462618845441045591174031407467141927949303967273640603370583027943461489694611514307846044788608302737755893035638149922272068624160730850926560034092625156444445564936562297688651849223419070532331233030323585681010618165796464257277453762819678070632408347042070801988771058882131228632546107451893714991242153395658429259537934263208634002792828772169217510656239241005311075681025394047894661420520700962300445533960645787118986590875906485125942483622981513806162241672544997253865343228332025582679476240480384023017494305830194847248717881628827

  public exponent: 65537

  Validity: [From: Fri Mar 08 04:00:00 PST 2013,

               To: Wed Mar 08 04:00:00 PST 2023]

  Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

  SerialNumber: [    01fda3eb 6eca75c8 88438b72 4bcfbc91]


Certificate Extensions: 7

[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false

AuthorityInfoAccess [

  [

   accessMethod: ocsp

   accessLocation: URIName: http://ocsp.digicert.com

]

]


[2]: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

0000: 03 DE 50 35 56 D1 4C BB   66 F0 A3 E2 1B 1B C3 97  ..P5V.L.f.......

0010: B2 3D D1 55                                        .=.U

]

]


[3]: ObjectId: 2.5.29.19 Criticality=true

BasicConstraints:[

  CA:true

  PathLen:0

]


[4]: ObjectId: 2.5.29.31 Criticality=false

CRLDistributionPoints [

  [DistributionPoint:

     [URIName: http://crl3.digicert.com/DigiCertGlobalRootCA.crl]

, DistributionPoint:

     [URIName: http://crl4.digicert.com/DigiCertGlobalRootCA.crl]

]]


[5]: ObjectId: 2.5.29.32 Criticality=false

CertificatePolicies [

  [CertificatePolicyId: [2.5.29.32.0]

[PolicyQualifierInfo: [

  qualifierID: 1.3.6.1.5.5.7.2.1

  qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 64 69  ..https://www.di

0010: 67 69 63 65 72 74 2E 63   6F 6D 2F 43 50 53        gicert.com/CPS


]]  ]

]


[6]: ObjectId: 2.5.29.15 Criticality=true

KeyUsage [

  DigitalSignature

  Key_CertSign

  Crl_Sign

]


[7]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: 0F 80 61 1C 82 31 61 D5   2F 28 E7 8D 46 38 B4 2C  ..a..1a./(..F8.,

0010: E1 C6 D9 E2                                        ....

]

]


]

  Algorithm: [SHA256withRSA]

  Signature:

0000: 23 3E DF 4B D2 31 42 A5   B6 7E 42 5C 1A 44 CC 69  #>.K.1B...B\.D.i

0010: D1 68 B4 5D 4B E0 04 21   6C 4B E2 6D CC B1 E0 97  .h.]K..!lK.m....

0020: 8F A6 53 09 CD AA 2A 65   E5 39 4F 1E 83 A5 6E 5C  ..S...*e.9O...n\

0030: 98 A2 24 26 E6 FB A1 ED   93 C7 2E 02 C6 4D 4A BF  ..$&.........MJ.

0040: B0 42 DF 78 DA B3 A8 F9   6D FF 21 85 53 36 60 4C  .B.x....m.!.S6`L

0050: 76 CE EC 38 DC D6 51 80   F0 C5 D6 E5 D4 4D 27 64  v..8..Q......M'd

0060: AB 9B C7 3E 71 FB 48 97   B8 33 6D C9 13 07 EE 96  ...>q.H..3m.....

0070: A2 1B 18 15 F6 5C 4C 40   ED B3 C2 EC FF 71 C1 E3  .....\L@.....q..

0080: 47 FF D4 B9 00 B4 37 42   DA 20 C9 EA 6E 8A EE 14  G.....7B. ..n...

0090: 06 AE 7D A2 59 98 88 A8   1B 6F 2D F4 F2 C9 14 5F  ....Y....o-...._

00A0: 26 CF 2C 8D 7E ED 37 C0   A9 D5 39 B9 82 BF 19 0C  &.,...7...9.....

00B0: EA 34 AF 00 21 68 F8 AD   73 E2 C9 32 DA 38 25 0B  .4..!h..s..2.8%.

00C0: 55 D3 9A 1D F0 68 86 ED   2E 41 34 EF 7C A5 50 1D  U....h...A4...P.

00D0: BF 3A F9 D3 C1 08 0C E6   ED 1E 8A 58 25 E4 B8 77  .:.........X%..w

00E0: AD 2D 6E F5 52 DD B4 74   8F AB 49 2E 9D 3B 93 34  .-n.R..t..I..;.4

00F0: 28 1F 78 CE 94 EA C7 BD   D3 C9 6D 1C DE 5C 32 F3  (.x.......m..\2.


]

***

Found trusted certificate:

[

[

  Version: V3

  Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5


  Key:  Sun RSA public key, 2048 bits

  modulus: 28559384442792876273280274398620578979733786817784174960112400169719065906301471912340204391164075730987771255281479191858503912379974443363319206013285922932969143082114108995903507302607372164107846395526169928849546930352778612946811335349917424469188917500996253619438384218721744278787164274625243781917237444202229339672234113350935948264576180342492691117960376023738627349150441152487120197333042448834154779966801277094070528166918968412433078879939664053044797116916260095055641583506170045241549105022323819314163625798834513544420165235412105694681616578431019525684868803389424296613694298865514217451303

  public exponent: 65537

  Validity: [From: Thu Nov 09 16:00:00 PST 2006,

               To: Sun Nov 09 16:00:00 PST 2031]

  Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US

  SerialNumber: [    083be056 904246b1 a1756ac9 5991c74a]


Certificate Extensions: 4

[1]: ObjectId: 2.5.29.35 Criticality=false

AuthorityKeyIdentifier [

KeyIdentifier [

0000: 03 DE 50 35 56 D1 4C BB   66 F0 A3 E2 1B 1B C3 97  ..P5V.L.f.......

0010: B2 3D D1 55                                        .=.U

]

]


[2]: ObjectId: 2.5.29.19 Criticality=true

BasicConstraints:[

  CA:true

  PathLen:2147483647

]


[3]: ObjectId: 2.5.29.15 Criticality=true

KeyUsage [

  DigitalSignature

  Key_CertSign

  Crl_Sign

]


[4]: ObjectId: 2.5.29.14 Criticality=false

SubjectKeyIdentifier [

KeyIdentifier [

0000: 03 DE 50 35 56 D1 4C BB   66 F0 A3 E2 1B 1B C3 97  ..P5V.L.f.......

0010: B2 3D D1 55                                        .=.U

]

]


]

  Algorithm: [SHA1withRSA]

  Signature:

0000: CB 9C 37 AA 48 13 12 0A   FA DD 44 9C 4F 52 B0 F4  ..7.H.....D.OR..

0010: DF AE 04 F5 79 79 08 A3   24 18 FC 4B 2B 84 C0 2D  ....yy..$..K+..-

0020: B9 D5 C7 FE F4 C1 1F 58   CB B8 6D 9C 7A 74 E7 98  .......X..m.zt..

0030: 29 AB 11 B5 E3 70 A0 A1   CD 4C 88 99 93 8C 91 70  )....p...L.....p

0040: E2 AB 0F 1C BE 93 A9 FF   63 D5 E4 07 60 D3 A3 BF  ........c...`...

0050: 9D 5B 09 F1 D5 8E E3 53   F4 8E 63 FA 3F A7 DB B4  .[.....S..c.?...

0060: 66 DF 62 66 D6 D1 6E 41   8D F2 2D B5 EA 77 4A 9F  f.bf..nA..-..wJ.

0070: 9D 58 E2 2B 59 C0 40 23   ED 2D 28 82 45 3E 79 54  .X.+Y.@#.-(.E>yT

0080: 92 26 98 E0 80 48 A8 37   EF F0 D6 79 60 16 DE AC  .&...H.7...y`...

0090: E8 0E CD 6E AC 44 17 38   2F 49 DA E1 45 3E 2A B9  ...n.D.8/I..E>*.

00A0: 36 53 CF 3A 50 06 F7 2E   E8 C4 57 49 6C 61 21 18  6S.:P.....WIla!.

00B0: D5 04 AD 78 3C 2C 3A 80   6B A7 EB AF 15 14 E9 D8  ...x<,:.k.......

00C0: 89 C1 B9 38 6C E2 91 6C   8A FF 64 B9 77 25 57 30  ...8l..l..d.w%W0

00D0: C0 1B 24 A3 E1 DC E9 DF   47 7C B5 B4 24 08 05 30  ..$.....G...$..0

00E0: EC 2D BD 0B BF 45 BF 50   B9 A9 F3 EB 98 01 12 AD  .-...E.P........

00F0: C8 88 C6 98 34 5F 8D 0A   3C C6 E9 D5 95 95 6D DE  ....4_..<.....m.


]

*** ServerHelloDone

*** ClientKeyExchange, RSA PreMasterSecret, TLSv1

main, WRITE: TLSv1 Handshake, length = 262

SESSION KEYGEN:

PreMaster Secret:

0000: 03 01 28 92 9A 43 34 F9   8B 8E E3 43 0C A5 7F 01  ..(..C4....C....

0010: 31 DF 69 25 94 2F 90 E0   0C B1 00 DF 7D 4E 3C 7A  1.i%./.......N<z

0020: B1 FF A9 2F D4 D3 60 74   39 A3 B1 C9 B6 35 27 91  .../..`t9....5'.

CONNECTION KEYGEN:

Client Nonce:

0000: 5D CD DC 72 CA 01 3D 33   64 82 89 62 5E 19 28 07  ]..r..=3d..b^.(.

0010: 6F 11 1E 44 75 C1 97 78   61 19 59 F8 3D 62 3E F6  o..Du..xa.Y.=b>.

Server Nonce:

0000: 5D CD DC 72 B0 59 05 37   A1 A9 52 97 9C 35 E6 92  ]..r.Y.7..R..5..

0010: 5C 28 CC C7 18 C7 7C 1A   40 0C D8 0A DE D9 83 D0  \(......@.......

Master Secret:

0000: CD 68 DF 3A C6 01 0F 23   50 5E F3 86 44 24 BC 07  .h.:...#P^..D$..

0010: A6 75 89 40 DB E5 B5 55   D1 CE A5 49 E2 9C 3F 34  .u.@...U...I..?4

0020: 6B 93 F4 A1 9C 4C 59 0F   B4 E5 22 70 5B 5A 03 1E  k....LY..."p[Z..

Client MAC write Secret:

0000: 65 49 C5 18 09 9E 01 2F   7A 4A 94 83 CF 4B 57 D2  eI...../zJ...KW.

0010: F4 D3 54 91                                        ..T.

Server MAC write Secret:

0000: 10 EF 0F 29 78 D3 CC 1E   AD 79 E2 03 2A FA 86 8F  ...)x....y..*...

0010: B2 9F FC 57                                        ...W

Client write key:

0000: 30 7A 92 BF 6B B5 37 CD   93 DE 2E FD 6B 8A C0 51  0z..k.7.....k..Q

Server write key:

0000: 92 2C CD 0A 82 1E 36 AD   B5 EE 90 DB 95 D4 20 72  .,....6....... r

Client write IV:

0000: B1 94 0A C1 67 F0 BF D4   31 D5 75 48 5C 44 2A A8  ....g...1.uH\D*.

Server write IV:

0000: 3C 50 13 61 13 A4 DC 82   C1 0A 53 7E 09 A5 EE 14  <P.a......S.....

main, WRITE: TLSv1 Change Cipher Spec, length = 1

*** Finished

verify_data:  { 3, 29, 212, 86, 249, 224, 58, 109, 184, 148, 64, 167 }

***

main, WRITE: TLSv1 Handshake, length = 48

main, READ: TLSv1 Change Cipher Spec, length = 1

main, READ: TLSv1 Handshake, length = 48

*** Finished

verify_data:  { 49, 237, 38, 123, 246, 25, 62, 144, 15, 200, 134, 217 }

***

%% Cached client session: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]

main, WRITE: TLSv1 Application Data, length = 208

main, READ: TLSv1 Application Data, length = 1056

Response Code : 500

Cipher Suite : TLS_RSA_WITH_AES_128_CBC_SHA



Cert Type : X.509

Cert Hash Code : 20803571

Cert Public Key Algorithm : RSA

Cert Public Key Format : X.509



Cert Type : X.509

Cert Hash Code : 13470995

Cert Public Key Algorithm : RSA

Cert Public Key Format : X.509



****** Content of the URL ********

main, READ: TLSv1 Application Data, length = 32

<?xml version='1.0' encoding='UTF-8'?><errorMessage xmlns="http://www.ebay.com/marketplace/search/v1/services"><error><errorId>2038</errorId><domain>CoreRuntime</domain><severity>Error</severity><category>System</category><message>Missing SOA operation name header</message><subdomain>System</subdomain><exceptionId>com.ebay.soaframework.common.exceptions.ServiceException</exceptionId></error></errorMessage>

Time taken with Handshake: Thu Nov 14 15:00:02 PST 2019, 0 , 0:00:00.655


Key Notes: 

  1. Java APIs uses uses HostnameVerifier and SSLSocketFactory for Https Connection and follows as per RFC 2818.
  2. More reference for Java Security : https://docs.oracle.com/javase/10/security/toc.htm
  3. How to set SSL Context for TLS 1.2 ( SSLContext sslContext = SSLContext.getInstance("TLSv1.2")); 
  4. Default SSLcontext from Open API code gen is SSLContext sslContext = SSLContext.getInstance("TLS") and chosed based on system preference.
  5. SSL debug for handshake vm arg  

    -Djavax.net.debug=ssl

How well did this answer your question?

Answers others found helpful

Print Email This Page Delicious Digg Facebook Reddit StumbleUpon Twitter