Error:
1. Certificate signature validation failed, Signature does not match
The wrong public certificate was used.
2. java.net.SocketException: Connection reset
The client's TLS protocol version does not match.
3. javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
SSL traffic was sent to port 80, or non-SSL traffic was sent to port 443.
4. javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
When using Fiddler to monitor SoapUI requests, the certificate must be imported into c:\Program Files (x86)\SmartBear\SoapUI-4.6.2\jre\lib\security\cacerts
5. javax.security.auth.login.FailedLoginException: key '...' cannot be retrieved, no key for alias '...' found a certificate entry instead in key store
If a JKS is used on the server side, it must include both the private key and the public certificate. keytool has no parameter for importing a key, so use openssl to convert the key and certificate to a PFX file, then use keytool to convert the PFX file to a JKS file.
Reference links:
tibco web service over ssl
https://tibcobwblog.com/2015/03/09/implementing-https-service-with-tibco-businessworks-6-1/comment-page-1/
c# web service over ssl
https://msdn.microsoft.com/en-us/library/hh556232(v=vs.110).aspx
Solving the PKIX problem (PKIX path building failed): unable to find valid certification path to requested target
http://www.cnblogs.com/wanghaixing/p/5630070.html
java InstallCert 172.16.4.133
TLS/SSL Tools and Settings
https://technet.microsoft.com/en-us/library/cc776467(v=ws.10).aspx#w2k3tr_schan_tools_hivv
Setting up mutual (two-way) authentication with openssl, verified to work
http://www.360doc.com/content/12/0524/15/2150778_213390447.shtml
verify TLS version
OpenSSL> s_client -showcerts -connect 172.16.3.170:443
OpenSSL> s_client -debug -connect 172.16.3.170:443
[Solved] Mini program requires a TLS version of 1.2 or higher
http://www.cnblogs.com/minamiko/p/6128455.html
"HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2" DisabledByDefault Enabled DWord 32bit Restart!
generate CSR from JKS
http://www.entrust.net/knowledge-base/technote.cfm?tn=8425
keytool -certreq -keyalg RSA -alias myalias -file certreq.txt -keystore c:\yoursite.mykeystore
generate CERT from JKS
keytool -export -alias certificatekey -keystore keystore.jks -rfc -file public.cert
keytool -importcert -file d:\temp\129cert.cert -keystore d:\temp\qareq.jks -alias "qaca"
openssl, x509, crt, cer, key, csr, ssl, tls: what on earth are all these?
http://www.cnblogs.com/yjmyzz/p/openssl-tutorial.html
How to enable Schannel event logging in IIS
https://support.microsoft.com/en-us/help/260729/how-to-enable-schannel-event-logging-in-iis
SoapUI not working with fiddler for REST service testing
http://stackoverflow.com/questions/22569356/soapui-not-working-with-fiddler-for-rest-service-testing
keytool -importcert -file c:\FiddlerRoot.cer -keystore cacerts
TLS Cipher Suites in Windows 7
https://msdn.microsoft.com/en-us/library/windows/desktop/mt767780(v=vs.85).aspx
TLS 1.3 & TLS 1.2 Handshake & Resumption
http://abbypan.github.io/2016/09/27/tls-13-resumption
Cipher suite
https://en.wikipedia.org/wiki/Cipher_suite
SSL protocol explained in detail
http://kb.cnblogs.com/page/162080/
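Cipher suite format: every suite name begins with "SSL", followed by the key exchange algorithm. The word "With" separates the key exchange algorithm, the encryption algorithm and the hash algorithm. For example, SSL_DHE_RSA_WITH_DES_CBC_SHA defines DHE_RSA (ephemeral Diffie-Hellman with RSA digital signatures) as the key exchange algorithm, DES_CBC as the encryption algorithm, and SHA as the hash algorithm.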
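The naming format described above is enough to audit a configured suite list for weak components. The following Python code is an added example, not taken from the linked article; the weak-token set and the sample list are assumptions constructed for illustration. It goes beyond the SSL_ case in the text by also handling TLS_-prefixed names, TLS 1.3 names that have no WITH part, and AEAD names that end without a hash.

```python
import re

# Assumed for this example: a non-exhaustive set of name tokens to reject.
WEAK_TOKENS = {"NULL", "EXPORT", "anon", "DES", "DES40", "3DES", "RC4", "RC2", "MD5"}
# Trailing tokens that name a hash; AEAD names such as ..._CCM end without one.
HASHES = {"MD5", "SHA", "SHA256", "SHA384"}

def parse_suite(name):
    """Split a suite name into key exchange, encryption and hash parts."""
    m = re.fullmatch(r"(SSL|TLS)_([A-Za-z0-9_]+)", name)
    if not m:
        raise ValueError(f"not a cipher suite name: {name!r}")
    body = m.group(2)
    if "_WITH_" in body:
        key_exchange, rest = body.split("_WITH_", 1)
    else:
        # TLS 1.3 style (TLS_AES_128_GCM_SHA256): key exchange is negotiated separately.
        key_exchange, rest = None, body
    cipher, _, last = rest.rpartition("_")
    if last not in HASHES or not cipher:
        cipher, last = rest, None
    return {"key_exchange": key_exchange, "cipher": cipher, "hash": last}

def weak_tokens(name):
    """Return the sorted weak tokens found anywhere in the suite name."""
    tokens = set()
    for value in parse_suite(name).values():
        if value:
            tokens.update(value.split("_"))
    return sorted(tokens & WEAK_TOKENS)

def audit(names):
    """Map each suite that has a weak component to the tokens that flagged it."""
    return {n: w for n in names if (w := weak_tokens(n))}

# Constructed sample list; the first name is the one used in the text above.
SAMPLE = [
    "SSL_DHE_RSA_WITH_DES_CBC_SHA",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    "TLS_RSA_WITH_AES_128_CCM",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for name, weak in audit(SAMPLE).items():
        print(f"{name}: weak {', '.join(weak)}")
```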
How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll
https://support.microsoft.com/en-us/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protocols-in-schannel.dll
CertMgr.msc
How to disable SSL 2.0 or SSL 3.0 from IIS Server
https://blogs.msdn.microsoft.com/webapps/2014/10/29/how-to-disable-ssl-2-0-or-ssl-3-0-from-iis-server/