question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

PKIX path building failed :: javax.net.ssl.SSLHandshakeException on nvd.nist.gov

See original GitHub issue

Dear all,

We started noticing that when running dependency-check we are getting javax.net.ssl.SSLHandshakeException on nvd.nist.gov. This is sort of strange because we are not aware of anything that changed on our servers.

We are using: JDK 1.8.0_221 (build 1.8.0_221-b27) Dependency-Check Version 5.2.1

I tried the same thing directly on my machine first running the ant build that integrates with depency-check then tried using SSLPoke as suggested in another inquiry #2036 in both instances the javax.net.ssl.SSLHandshakeException exception is thrown.

%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] main, SEND TLSv1.2 ALERT: fatal, description = certificate_unknown main, WRITE: TLSv1.2 Alert, length = 2 main, called closeSocket() main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

What I cannot figure out if the issue is on my side or on the nvd.nist.gov or something else. incidentally we noticed the issue over the weekend when the automated builds started failing because depdency-check could not complete the task:

Thanks in advance and any suggestion are greatly appreciated.

max

Exception from SSLPoke:

`Java -Djavax.net.debug=ssl SSLPoke nvd.nist.gov 443 System property jdk.tls.client.cipherSuites is set to ‘null’ System property jdk.tls.server.cipherSuites is set to ‘null’ Ignoring disabled cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA Ignoring disabled cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256 Ignoring disabled cipher suite: TLS_ECDHE_RSA_WITH_NULL_SHA Ignoring disabled cipher suite: SSL_RSA_WITH_DES_CBC_SHA Ignoring disabled cipher suite: SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA Ignoring disabled cipher suite: TLS_KRB5_WITH_DES_CBC_MD5 Ignoring disabled cipher suite: TLS_ECDH_RSA_WITH_NULL_SHA Ignoring disabled cipher suite: SSL_DH_anon_EXPORT_WITH_RC4_40_MD5 Ignoring disabled cipher suite: SSL_DH_anon_WITH_DES_CBC_SHA Ignoring disabled cipher suite: TLS_DH_anon_WITH_AES_128_CBC_SHA Ignoring disabled cipher suite: TLS_KRB5_WITH_3DES_EDE_CBC_SHA Ignoring disabled cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA Ignoring disabled cipher suite: TLS_KRB5_WITH_DES_CBC_SHA Ignoring disabled cipher suite: TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5 Ignoring disabled cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA Ignoring disabled cipher suite: SSL_DHE_RSA_WITH_DES_CBC_SHA Ignoring disabled cipher suite: TLS_KRB5_WITH_3DES_EDE_CBC_MD5 Ignoring disabled cipher suite: SSL_DH_anon_WITH_RC4_128_MD5 Ignoring disabled cipher suite: TLS_ECDHE_ECDSA_WITH_NULL_SHA Ignoring disabled cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA Ignoring disabled cipher suite: TLS_RSA_WITH_NULL_SHA256 Ignoring disabled cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA Ignoring disabled cipher suite: SSL_DH_anon_WITH_3DES_EDE_CBC_SHA Ignoring disabled cipher suite: TLS_ECDH_anon_WITH_NULL_SHA Ignoring disabled cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA Ignoring disabled cipher suite: SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA Ignoring disabled cipher suite: TLS_ECDH_anon_WITH_RC4_128_SHA Ignoring disabled cipher suite: SSL_DHE_DSS_WITH_DES_CBC_SHA Ignoring disabled cipher suite: TLS_KRB5_EXPORT_WITH_RC4_40_SHA Ignoring disabled cipher suite: SSL_RSA_EXPORT_WITH_DES40_CBC_SHA Ignoring disabled cipher suite: TLS_KRB5_WITH_RC4_128_SHA Ignoring disabled cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA Ignoring disabled cipher suite: SSL_RSA_EXPORT_WITH_RC4_40_MD5 Ignoring disabled cipher suite: TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA Ignoring disabled cipher suite: TLS_KRB5_EXPORT_WITH_RC4_40_MD5 Ignoring disabled cipher suite: TLS_ECDH_anon_WITH_AES_128_CBC_SHA Ignoring disabled cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA Ignoring disabled cipher suite: TLS_KRB5_WITH_RC4_128_MD5 Ignoring disabled cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA Ignoring disabled cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA Ignoring disabled cipher suite: SSL_RSA_WITH_RC4_128_SHA Ignoring disabled cipher suite: TLS_ECDH_ECDSA_WITH_NULL_SHA Ignoring disabled cipher suite: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA Ignoring disabled cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA Ignoring disabled cipher suite: SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA Ignoring disabled cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA Ignoring disabled cipher suite: SSL_RSA_WITH_NULL_SHA Ignoring disabled cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA Ignoring disabled cipher suite: SSL_RSA_WITH_RC4_128_MD5 Ignoring disabled cipher suite: TLS_DH_anon_WITH_AES_128_CBC_SHA256 Ignoring disabled cipher suite: SSL_RSA_WITH_NULL_MD5 Ignoring disabled cipher suite: TLS_DH_anon_WITH_AES_128_GCM_SHA256 Ignoring disabled cipher suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384 Ignoring disabled cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA Ignoring disabled cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA Ignoring disabled cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA Ignoring disabled cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA Ignoring disabled cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA Ignoring disabled cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA Ignoring disabled cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA Ignoring disabled cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA Ignoring disabled cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA Ignoring disabled cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA Ignoring disabled cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA Ignoring disabled cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA Ignoring disabled cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA Ignoring disabled cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA Inaccessible trust store: C:\MyPrograms\Java\jre1.8.0_221\lib\security\jssecacerts trustStore is: C:\MyPrograms\Java\jre1.8.0_221\lib\security\cacerts trustStore type is: jks trustStore provider is: the last modified time is: Thu Jul 25 21:22:24 EDT 2019 Reload the trust store Reload trust certs Reloaded 90 trust certs adding as trusted cert: Subject: CN=Entrust Root Certification Authority - EC1, OU=“© 2012 Entrust, Inc. - for authorized use only”, OU=See www.entrust.net/legal-terms, O=“Entrust, Inc.”, C=US Issuer: CN=Entrust Root Certification Authority - EC1, OU=“© 2012 Entrust, Inc. - for authorized use only”, OU=See www.entrust.net/legal-terms, O=“Entrust, Inc.”, C=US Algorithm: EC; Serial number: 0xa68b79290000000050d091f9 Valid from Tue Dec 18 10:25:36 EST 2012 until Fri Dec 18 10:55:36 EST 2037

adding as trusted cert: Subject: CN=SecureTrust CA, O=SecureTrust Corporation, C=US Issuer: CN=SecureTrust CA, O=SecureTrust Corporation, C=US Algorithm: RSA; Serial number: 0xcf08e5c0816a5ad427ff0eb271859d0 Valid from Tue Nov 07 14:31:18 EST 2006 until Mon Dec 31 14:40:55 EST 2029

adding as trusted cert: Subject: CN=Starfield Root Certificate Authority - G2, O=“Starfield Technologies, Inc.”, L=Scottsdale, ST=Arizona, C=US Issuer: CN=Starfield Root Certificate Authority - G2, O=“Starfield Technologies, Inc.”, L=Scottsdale, ST=Arizona, C=US Algorithm: RSA; Serial number: 0x0 Valid from Mon Aug 31 20:00:00 EDT 2009 until Thu Dec 31 18:59:59 EST 2037

adding as trusted cert: Subject: CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US Issuer: CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US Algorithm: RSA; Serial number: 0xa0142800000014523cf467c00000002 Valid from Thu Jan 16 12:53:32 EST 2014 until Mon Jan 16 12:53:32 EST 2034

adding as trusted cert: Subject: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP Issuer: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP Algorithm: RSA; Serial number: 0x0 Valid from Tue Sep 30 00:20:49 EDT 2003 until Sat Sep 30 00:20:49 EDT 2023

adding as trusted cert: Subject: CN=Entrust.net Certification Authority (2048), OU=© 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net Issuer: CN=Entrust.net Certification Authority (2048), OU=© 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net Algorithm: RSA; Serial number: 0x3863def8 Valid from Fri Dec 24 12:50:51 EST 1999 until Tue Jul 24 10:15:12 EDT 2029

adding as trusted cert: Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0x83be056904246b1a1756ac95991c74a Valid from Thu Nov 09 19:00:00 EST 2006 until Sun Nov 09 19:00:00 EST 2031

adding as trusted cert: Subject: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x445734245b81899b35f2ceb82b3b5ba726f07528 Valid from Thu Jan 12 13:59:32 EST 2012 until Sun Jan 12 13:59:32 EST 2042

adding as trusted cert: Subject: CN=TeliaSonera Root CA v1, O=TeliaSonera Issuer: CN=TeliaSonera Root CA v1, O=TeliaSonera Algorithm: RSA; Serial number: 0x95be16a0f72e46f17b398272fa8bcd96 Valid from Thu Oct 18 08:00:50 EDT 2007 until Mon Oct 18 08:00:50 EDT 2032

adding as trusted cert: Subject: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0x59b1b579e8e2132e23907bda777755c Valid from Thu Aug 01 08:00:00 EDT 2013 until Fri Jan 15 07:00:00 EST 2038

adding as trusted cert: Subject: CN=thawte Primary Root CA, OU=“© 2006 thawte, Inc. - For authorized use only”, OU=Certification Services Division, O=“thawte, Inc.”, C=US Issuer: CN=thawte Primary Root CA, OU=“© 2006 thawte, Inc. - For authorized use only”, OU=Certification Services Division, O=“thawte, Inc.”, C=US Algorithm: RSA; Serial number: 0x344ed55720d5edec49f42fce37db2b6d Valid from Thu Nov 16 19:00:00 EST 2006 until Wed Jul 16 19:59:59 EDT 2036

adding as trusted cert: Subject: CN=Go Daddy Root Certificate Authority - G2, O=“GoDaddy.com, Inc.”, L=Scottsdale, ST=Arizona, C=US Issuer: CN=Go Daddy Root Certificate Authority - G2, O=“GoDaddy.com, Inc.”, L=Scottsdale, ST=Arizona, C=US Algorithm: RSA; Serial number: 0x0 Valid from Mon Aug 31 20:00:00 EDT 2009 until Thu Dec 31 18:59:59 EST 2037

adding as trusted cert: Subject: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x18acb56afd69b6153a636cafdafac4a1 Valid from Sun Nov 26 19:00:00 EST 2006 until Wed Jul 16 19:59:59 EDT 2036

adding as trusted cert: Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU=“© 2007 VeriSign, Inc. - For authorized use only”, OU=VeriSign Trust Network, O=“VeriSign, Inc.”, C=US Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU=“© 2007 VeriSign, Inc. - For authorized use only”, OU=VeriSign Trust Network, O=“VeriSign, Inc.”, C=US Algorithm: EC; Serial number: 0x2f80fe238c0e220f486712289187acb3 Valid from Sun Nov 04 19:00:00 EST 2007 until Mon Jan 18 18:59:59 EST 2038

adding as trusted cert: Subject: CN=Entrust Root Certification Authority, OU=“© 2006 Entrust, Inc.”, OU=www.entrust.net/CPS is incorporated by reference, O=“Entrust, Inc.”, C=US Issuer: CN=Entrust Root Certification Authority, OU=“© 2006 Entrust, Inc.”, OU=www.entrust.net/CPS is incorporated by reference, O=“Entrust, Inc.”, C=US Algorithm: RSA; Serial number: 0x456b5054 Valid from Mon Nov 27 15:23:42 EST 2006 until Fri Nov 27 15:53:42 EST 2026

adding as trusted cert: Subject: OU=Security Communication RootCA2, O=“SECOM Trust Systems CO.,LTD.”, C=JP Issuer: OU=Security Communication RootCA2, O=“SECOM Trust Systems CO.,LTD.”, C=JP Algorithm: RSA; Serial number: 0x0 Valid from Fri May 29 01:00:39 EDT 2009 until Tue May 29 01:00:39 EDT 2029

adding as trusted cert: Subject: CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0xb931c3ad63967ea6723bfc3af9af44b Valid from Thu Aug 01 08:00:00 EDT 2013 until Fri Jan 15 07:00:00 EST 2038

adding as trusted cert: Subject: OU=VeriSign Trust Network, OU=“© 1998 VeriSign, Inc. - For authorized use only”, OU=Class 3 Public Primary Certification Authority - G2, O=“VeriSign, Inc.”, C=US Issuer: OU=VeriSign Trust Network, OU=“© 1998 VeriSign, Inc. - For authorized use only”, OU=Class 3 Public Primary Certification Authority - G2, O=“VeriSign, Inc.”, C=US Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6 Valid from Sun May 17 20:00:00 EDT 1998 until Tue Aug 01 19:59:59 EDT 2028

adding as trusted cert: Subject: OU=ePKI Root Certification Authority, O=“Chunghwa Telecom Co., Ltd.”, C=TW Issuer: OU=ePKI Root Certification Authority, O=“Chunghwa Telecom Co., Ltd.”, C=TW Algorithm: RSA; Serial number: 0x15c8bd65475cafb897005ee406d2bc9d Valid from Sun Dec 19 21:31:27 EST 2004 until Tue Dec 19 21:31:27 EST 2034

adding as trusted cert: Subject: CN=AffirmTrust Commercial, O=AffirmTrust, C=US Issuer: CN=AffirmTrust Commercial, O=AffirmTrust, C=US Algorithm: RSA; Serial number: 0x7777062726a9b17c Valid from Fri Jan 29 09:06:06 EST 2010 until Tue Dec 31 09:06:06 EST 2030

adding as trusted cert: Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R6 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R6 Algorithm: RSA; Serial number: 0x45e6bb038333c3856548e6ff4551 Valid from Tue Dec 09 19:00:00 EST 2014 until Sat Dec 09 19:00:00 EST 2034

adding as trusted cert: Subject: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL Issuer: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL Algorithm: RSA; Serial number: 0x444c0 Valid from Wed Oct 22 08:07:37 EDT 2008 until Mon Dec 31 07:07:37 EST 2029

adding as trusted cert: Subject: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL Issuer: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL Algorithm: RSA; Serial number: 0x10020 Valid from Tue Jun 11 06:46:39 EDT 2002 until Fri Jun 11 06:46:39 EDT 2027

adding as trusted cert: Subject: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US Issuer: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US Algorithm: RSA; Serial number: 0x50946cec18ead59c4dd597ef758fa0ad Valid from Mon Nov 01 12:14:04 EST 2004 until Mon Jan 01 00:37:19 EST 2035

adding as trusted cert: Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Issuer: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Algorithm: RSA; Serial number: 0x1 Valid from Tue May 30 06:44:50 EDT 2000 until Sat May 30 06:44:50 EDT 2020

adding as trusted cert: Subject: CN=DST Root CA X3, O=Digital Signature Trust Co. Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co. Algorithm: RSA; Serial number: 0x44afb080d6a327ba893039862ef8406b Valid from Sat Sep 30 17:12:19 EDT 2000 until Thu Sep 30 10:01:15 EDT 2021

adding as trusted cert: Subject: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO Issuer: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO Algorithm: RSA; Serial number: 0x2 Valid from Tue Oct 26 04:38:03 EDT 2010 until Fri Oct 26 04:38:03 EDT 2040

adding as trusted cert: Subject: CN=Sonera Class2 CA, O=Sonera, C=FI Issuer: CN=Sonera Class2 CA, O=Sonera, C=FI Algorithm: RSA; Serial number: 0x1d Valid from Fri Apr 06 03:29:40 EDT 2001 until Tue Apr 06 03:29:40 EDT 2021

adding as trusted cert: Subject: CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE Issuer: CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE Algorithm: RSA; Serial number: 0x983f4 Valid from Thu Nov 05 03:50:46 EST 2009 until Mon Nov 05 03:50:46 EST 2029

adding as trusted cert: Subject: CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: EC; Serial number: 0xba15afa1ddfa0b54944afcd24a06cec Valid from Thu Aug 01 08:00:00 EDT 2013 until Fri Jan 15 07:00:00 EST 2038

adding as trusted cert: Subject: CN=GeoTrust Primary Certification Authority - G2, OU=© 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Primary Certification Authority - G2, OU=© 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Algorithm: EC; Serial number: 0x3cb2f4480a00e2feeb243b5e603ec36b Valid from Sun Nov 04 19:00:00 EST 2007 until Mon Jan 18 18:59:59 EST 2038

adding as trusted cert: Subject: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH Issuer: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH Algorithm: RSA; Serial number: 0xbb401c43f55e4fb0 Valid from Wed Oct 25 04:30:35 EDT 2006 until Sat Oct 25 04:30:35 EDT 2036

adding as trusted cert: Subject: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Issuer: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Algorithm: EC; Serial number: 0x5c8b99c55a94c5d27156decd8980cc26 Valid from Sun Jan 31 19:00:00 EST 2010 until Mon Jan 18 18:59:59 EST 2038

adding as trusted cert: Subject: CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US Issuer: CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US Algorithm: RSA; Serial number: 0xa0142800000014523c844b500000002 Valid from Thu Jan 16 13:12:23 EST 2014 until Mon Jan 16 13:12:23 EST 2034

adding as trusted cert: Subject: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x509 Valid from Fri Nov 24 13:27:00 EST 2006 until Mon Nov 24 13:23:33 EST 2031

adding as trusted cert: Subject: CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE Issuer: CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE Algorithm: RSA; Serial number: 0x983f3 Valid from Thu Nov 05 03:35:58 EST 2009 until Mon Nov 05 03:35:58 EST 2029

adding as trusted cert: Subject: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x78585f2ead2c194be3370735341328b596d46593 Valid from Thu Jan 12 12:27:44 EST 2012 until Sun Jan 12 12:27:44 EST 2042

adding as trusted cert: Subject: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: EC; Serial number: 0x1f47afaa62007050544c019e9b63992a Valid from Wed Mar 05 19:00:00 EST 2008 until Mon Jan 18 18:59:59 EST 2038

adding as trusted cert: Subject: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Algorithm: RSA; Serial number: 0x1fd6d30fca3ca51a81bbc640e35032d Valid from Sun Jan 31 19:00:00 EST 2010 until Mon Jan 18 18:59:59 EST 2038

adding as trusted cert: Subject: CN=ISRG Root X1, O=Internet Security Research Group, C=US Issuer: CN=ISRG Root X1, O=Internet Security Research Group, C=US Algorithm: RSA; Serial number: 0x8210cfb0d240e3594463e0bb63828b00 Valid from Thu Jun 04 07:04:38 EDT 2015 until Mon Jun 04 07:04:38 EDT 2035

adding as trusted cert: Subject: OU=VeriSign Trust Network, OU=“© 1998 VeriSign, Inc. - For authorized use only”, OU=Class 2 Public Primary Certification Authority - G2, O=“VeriSign, Inc.”, C=US Issuer: OU=VeriSign Trust Network, OU=“© 1998 VeriSign, Inc. - For authorized use only”, OU=Class 2 Public Primary Certification Authority - G2, O=“VeriSign, Inc.”, C=US Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf Valid from Sun May 17 20:00:00 EDT 1998 until Tue Aug 01 19:59:59 EDT 2028

adding as trusted cert: Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0x2ac5c266a0b409b8f0b79f2ae462577 Valid from Thu Nov 09 19:00:00 EST 2006 until Sun Nov 09 19:00:00 EST 2031

adding as trusted cert: Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2 Algorithm: RSA; Serial number: 0x400000000010f8626e60d Valid from Fri Dec 15 03:00:00 EST 2006 until Wed Dec 15 03:00:00 EST 2021

adding as trusted cert: Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU=“© 2006 VeriSign, Inc. - For authorized use only”, OU=VeriSign Trust Network, O=“VeriSign, Inc.”, C=US Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU=“© 2006 VeriSign, Inc. - For authorized use only”, OU=VeriSign Trust Network, O=“VeriSign, Inc.”, C=US Algorithm: RSA; Serial number: 0x18dad19e267de8bb4a2158cdcc6b3b4a Valid from Tue Nov 07 19:00:00 EST 2006 until Wed Jul 16 19:59:59 EDT 2036

adding as trusted cert: Subject: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x5c6 Valid from Fri Nov 24 14:11:23 EST 2006 until Mon Nov 24 14:06:44 EST 2031

adding as trusted cert: Subject: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x1 Valid from Thu Mar 04 00:00:00 EST 2004 until Sun Mar 04 00:00:00 EST 2029

adding as trusted cert: Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 Algorithm: RSA; Serial number: 0x4000000000121585308a2 Valid from Wed Mar 18 06:00:00 EDT 2009 until Sun Mar 18 06:00:00 EDT 2029

adding as trusted cert: Subject: CN=Starfield Services Root Certificate Authority - G2, O=“Starfield Technologies, Inc.”, L=Scottsdale, ST=Arizona, C=US Issuer: CN=Starfield Services Root Certificate Authority - G2, O=“Starfield Technologies, Inc.”, L=Scottsdale, ST=Arizona, C=US Algorithm: RSA; Serial number: 0x0 Valid from Mon Aug 31 20:00:00 EDT 2009 until Thu Dec 31 18:59:59 EST 2037

adding as trusted cert: Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE Algorithm: RSA; Serial number: 0x20000b9 Valid from Fri May 12 14:46:00 EDT 2000 until Mon May 12 19:59:00 EDT 2025

adding as trusted cert: Subject: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA Issuer: CN=Thawte Timestamping CA, OU=Thawte Certification, O=Thawte, L=Durbanville, ST=Western Cape, C=ZA Algorithm: RSA; Serial number: 0x67c8e1e8e3be1cbdfc913b8ea6238749 Valid from Tue Dec 31 19:00:00 EST 1996 until Fri Jan 01 18:59:59 EST 2021

adding as trusted cert: Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: RSA; Serial number: 0x1 Valid from Wed Dec 31 19:00:00 EST 2003 until Sun Dec 31 18:59:59 EST 2028

adding as trusted cert: Subject: OU=Starfield Class 2 Certification Authority, O=“Starfield Technologies, Inc.”, C=US Issuer: OU=Starfield Class 2 Certification Authority, O=“Starfield Technologies, Inc.”, C=US Algorithm: RSA; Serial number: 0x0 Valid from Tue Jun 29 13:39:16 EDT 2004 until Thu Jun 29 13:39:16 EDT 2034

adding as trusted cert: Subject: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU Issuer: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU Algorithm: RSA; Serial number: 0x0 Valid from Tue Sep 30 12:13:43 EDT 2003 until Wed Sep 30 12:13:44 EDT 2037

adding as trusted cert: Subject: CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch Issuer: CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch Algorithm: RSA; Serial number: 0x1e9e28e848f2e5efc37c4a1e5a1867b6 Valid from Fri Jun 24 04:38:14 EDT 2011 until Wed Jun 25 03:38:14 EDT 2031

adding as trusted cert: Subject: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x2ef59b0228a7db7affd5a3a9eebd03a0cf126a1d Valid from Thu Jan 12 15:26:32 EST 2012 until Sun Jan 12 15:26:32 EST 2042

adding as trusted cert: Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU=“© 1999 VeriSign, Inc. - For authorized use only”, OU=VeriSign Trust Network, O=“VeriSign, Inc.”, C=US Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU=“© 1999 VeriSign, Inc. - For authorized use only”, OU=VeriSign Trust Network, O=“VeriSign, Inc.”, C=US Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57 Valid from Thu Sep 30 20:00:00 EDT 1999 until Wed Jul 16 19:59:59 EDT 2036

adding as trusted cert: Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE Algorithm: RSA; Serial number: 0x40000000001154b5ac394 Valid from Tue Sep 01 08:00:00 EDT 1998 until Fri Jan 28 07:00:00 EST 2028

adding as trusted cert: Subject: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT Issuer: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT Algorithm: RSA; Serial number: 0x570a119742c4e3cc Valid from Thu Sep 22 07:22:02 EDT 2011 until Sun Sep 22 07:22:02 EDT 2030

adding as trusted cert: Subject: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US Issuer: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US Algorithm: RSA; Serial number: 0x44be0c8b500024b411d3362de0b35f1b Valid from Fri Jul 09 14:31:20 EDT 1999 until Tue Jul 09 14:40:36 EDT 2019

adding as trusted cert: Subject: CN=AffirmTrust Networking, O=AffirmTrust, C=US Issuer: CN=AffirmTrust Networking, O=AffirmTrust, C=US Algorithm: RSA; Serial number: 0x7c4f04391cd4992d Valid from Fri Jan 29 09:08:24 EST 2010 until Tue Dec 31 09:08:24 EST 2030

adding as trusted cert: Subject: OU=Class 3 Public Primary Certification Authority, O=“VeriSign, Inc.”, C=US Issuer: OU=Class 3 Public Primary Certification Authority, O=“VeriSign, Inc.”, C=US Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028

adding as trusted cert: Subject: CN=AffirmTrust Premium, O=AffirmTrust, C=US Issuer: CN=AffirmTrust Premium, O=AffirmTrust, C=US Algorithm: RSA; Serial number: 0x6d8c1446b1a60aee Valid from Fri Jan 29 09:10:36 EST 2010 until Mon Dec 31 09:10:36 EST 2040

adding as trusted cert: Subject: CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU Issuer: CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU Algorithm: RSA; Serial number: 0xbb8 Valid from Thu Mar 17 05:51:37 EDT 2011 until Wed Mar 17 05:51:37 EDT 2021

adding as trusted cert: Subject: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM Issuer: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM Algorithm: RSA; Serial number: 0x3ab6508b Valid from Mon Mar 19 13:33:33 EST 2001 until Wed Mar 17 14:33:33 EDT 2021

adding as trusted cert: Subject: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO Issuer: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO Algorithm: RSA; Serial number: 0x2 Valid from Tue Oct 26 04:28:58 EDT 2010 until Fri Oct 26 04:28:58 EDT 2040

adding as trusted cert: Subject: CN=GeoTrust Primary Certification Authority - G3, OU=© 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Primary Certification Authority - G3, OU=© 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x15ac6e9419b2794b41f627a9c3180f1f Valid from Tue Apr 01 20:00:00 EDT 2008 until Tue Dec 01 18:59:59 EST 2037

adding as trusted cert: Subject: CN=thawte Primary Root CA - G2, OU=“© 2007 thawte, Inc. - For authorized use only”, O=“thawte, Inc.”, C=US Issuer: CN=thawte Primary Root CA - G2, OU=“© 2007 thawte, Inc. - For authorized use only”, O=“thawte, Inc.”, C=US Algorithm: EC; Serial number: 0x35fc265cd9844fc93d263d579baed756 Valid from Sun Nov 04 19:00:00 EST 2007 until Mon Jan 18 18:59:59 EST 2038

adding as trusted cert: Subject: CN=VeriSign Universal Root Certification Authority, OU=“© 2008 VeriSign, Inc. - For authorized use only”, OU=VeriSign Trust Network, O=“VeriSign, Inc.”, C=US Issuer: CN=VeriSign Universal Root Certification Authority, OU=“© 2008 VeriSign, Inc. - For authorized use only”, OU=VeriSign Trust Network, O=“VeriSign, Inc.”, C=US Algorithm: RSA; Serial number: 0x401ac46421b31321030ebbe4121ac51d Valid from Tue Apr 01 20:00:00 EDT 2008 until Tue Dec 01 18:59:59 EST 2037

adding as trusted cert: Subject: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Issuer: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Algorithm: RSA; Serial number: 0xa3da427ea4b1aeda Valid from Fri Aug 01 08:29:50 EDT 2008 until Sat Jul 31 08:29:50 EDT 2038

adding as trusted cert: Subject: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH Issuer: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH Algorithm: RSA; Serial number: 0x4f1bd42f54bb2f4b Valid from Wed Oct 25 04:32:46 EDT 2006 until Sat Oct 25 04:32:46 EDT 2036

adding as trusted cert: Subject: CN=Entrust Root Certification Authority - G2, OU=“© 2009 Entrust, Inc. - for authorized use only”, OU=See www.entrust.net/legal-terms, O=“Entrust, Inc.”, C=US Issuer: CN=Entrust Root Certification Authority - G2, OU=“© 2009 Entrust, Inc. - for authorized use only”, OU=See www.entrust.net/legal-terms, O=“Entrust, Inc.”, C=US Algorithm: RSA; Serial number: 0x4a538c28 Valid from Tue Jul 07 13:25:54 EDT 2009 until Sat Dec 07 12:55:54 EST 2030

adding as trusted cert: Subject: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Issuer: CN=AddTrust Class 1 CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Algorithm: RSA; Serial number: 0x1 Valid from Tue May 30 06:38:31 EDT 2000 until Sat May 30 06:38:31 EDT 2020

adding as trusted cert: Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0xce7e0e517d846fe8fe560fc1bf03039 Valid from Thu Nov 09 19:00:00 EST 2006 until Sun Nov 09 19:00:00 EST 2031

adding as trusted cert: Subject: OU=Go Daddy Class 2 Certification Authority, O=“The Go Daddy Group, Inc.”, C=US Issuer: OU=Go Daddy Class 2 Certification Authority, O=“The Go Daddy Group, Inc.”, C=US Algorithm: RSA; Serial number: 0x0 Valid from Tue Jun 29 13:06:20 EDT 2004 until Thu Jun 29 13:06:20 EDT 2034

adding as trusted cert: Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4 Algorithm: EC; Serial number: 0x2a38a41c960a04de42b228a50be8349802 Valid from Mon Nov 12 19:00:00 EST 2012 until Mon Jan 18 22:14:07 EST 2038

adding as trusted cert: Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE Algorithm: RSA; Serial number: 0x1 Valid from Tue May 30 06:48:38 EDT 2000 until Sat May 30 06:48:38 EDT 2020

adding as trusted cert: Subject: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Issuer: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Algorithm: RSA; Serial number: 0x1 Valid from Wed Oct 01 06:29:56 EDT 2008 until Sat Oct 01 19:59:59 EDT 2033

adding as trusted cert: Subject: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Issuer: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Algorithm: RSA; Serial number: 0xc9cdd3e9d57d23ce Valid from Fri Aug 01 08:31:40 EDT 2008 until Sat Jul 31 08:31:40 EDT 2038

adding as trusted cert: Subject: CN=thawte Primary Root CA - G3, OU=“© 2008 thawte, Inc. - For authorized use only”, OU=Certification Services Division, O=“thawte, Inc.”, C=US Issuer: CN=thawte Primary Root CA - G3, OU=“© 2008 thawte, Inc. - For authorized use only”, OU=Certification Services Division, O=“thawte, Inc.”, C=US Algorithm: RSA; Serial number: 0x600197b746a7eab4b49ad64b2ff790fb Valid from Tue Apr 01 20:00:00 EDT 2008 until Tue Dec 01 18:59:59 EST 2037

adding as trusted cert: Subject: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Issuer: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Algorithm: RSA; Serial number: 0x4caaf9cadb636fe01ff74ed85b03869d Valid from Mon Jan 18 19:00:00 EST 2010 until Mon Jan 18 18:59:59 EST 2038

adding as trusted cert: Subject: CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: EC; Serial number: 0x55556bcf25ea43535c3a40fd5ab4572 Valid from Thu Aug 01 08:00:00 EDT 2013 until Fri Jan 15 07:00:00 EST 2038

adding as trusted cert: Subject: CN=GTE CyberTrust Global Root, OU=“GTE CyberTrust Solutions, Inc.”, O=GTE Corporation, C=US Issuer: CN=GTE CyberTrust Global Root, OU=“GTE CyberTrust Solutions, Inc.”, O=GTE Corporation, C=US Algorithm: RSA; Serial number: 0x1a5 Valid from Wed Aug 12 20:29:00 EDT 1998 until Mon Aug 13 19:59:00 EDT 2018

adding as trusted cert: Subject: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Issuer: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Algorithm: RSA; Serial number: 0x36122296c5e338a520a1d25f4cd70954 Valid from Wed Jul 31 20:00:00 EDT 1996 until Fri Jan 01 18:59:59 EST 2021

adding as trusted cert: Subject: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US Issuer: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US Algorithm: EC; Serial number: 0x7497258ac73f7a54 Valid from Fri Jan 29 09:20:24 EST 2010 until Mon Dec 31 09:20:24 EST 2040

adding as trusted cert: Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US Algorithm: RSA; Serial number: 0x23456 Valid from Tue May 21 00:00:00 EDT 2002 until Sat May 21 00:00:00 EDT 2022

adding as trusted cert: Subject: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Issuer: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Algorithm: RSA; Serial number: 0x1 Valid from Wed Oct 01 06:40:14 EDT 2008 until Sat Oct 01 19:59:59 EDT 2033

adding as trusted cert: Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH Algorithm: RSA; Serial number: 0x4eb200670c035d4f Valid from Wed Oct 25 04:36:00 EDT 2006 until Sat Oct 25 04:36:00 EDT 2036

adding as trusted cert: Subject: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR Issuer: CN=KEYNECTIS ROOT CA, OU=ROOT, O=KEYNECTIS, C=FR Algorithm: RSA; Serial number: 0x1121bc276c5547af584eefd4ced629b2a285 Valid from Mon May 25 20:00:00 EDT 2009 until Mon May 25 20:00:00 EDT 2020

adding as trusted cert: Subject: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Issuer: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Algorithm: RSA; Serial number: 0x33af1e6a711a9a0bb2864b11d09fae5 Valid from Thu Aug 01 08:00:00 EDT 2013 until Fri Jan 15 07:00:00 EST 2038

adding as trusted cert: Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5 Algorithm: EC; Serial number: 0x605949e0262ebb55f90a778a71f94ad86c Valid from Mon Nov 12 19:00:00 EST 2012 until Mon Jan 18 22:14:07 EST 2038

keyStore is : keyStore type is : jks keyStore provider is : init keystore init keymanager of type SunX509 trigger seeding of SecureRandom done seeding SecureRandom Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1 %% No cached client session update handshake state: client_hello[1] upcoming handshake states: server_hello[2] *** ClientHello, TLSv1.2 RandomCookie: GMT: 1552933033 bytes = { 230, 137, 68, 81, 77, 127, 108, 178, 107, 213, 166, 229, 64, 168, 168, 213, 103, 117, 225, 5, 60, 111, 72, 78, 244, 189, 242, 82 } Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] Compression Methods: { 0 } Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA Extension extended_master_secret Extension server_name, server_name: [type=host_name (0), value=nvd.nist.gov]


main, WRITE: TLSv1.2 Handshake, length = 214 main, READ: TLSv1.2 Handshake, length = 93 check handshake state: server_hello[2] *** ServerHello, TLSv1.2 RandomCookie: GMT: 888373860 bytes = { 229, 253, 125, 7, 104, 68, 243, 107, 40, 246, 168, 123, 218, 131, 170, 74, 135, 124, 50, 173, 81, 108, 88, 65, 155, 205, 122, 90 } Session ID: {128, 54, 105, 212, 73, 73, 255, 92, 183, 62, 182, 223, 43, 131, 189, 6, 85, 185, 120, 160, 181, 117, 73, 86, 228, 23, 249, 27, 73, 216, 150, 7} Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Compression Method: 0 Extension server_name, server_name: Extension renegotiation_info, renegotiated_connection: <empty> Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]


%% Initialized: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] ** TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 update handshake state: server_hello[2] upcoming handshake states: server certificate[11] upcoming handshake states: server_key_exchange12 upcoming handshake states: certificate_request13 upcoming handshake states: server_hello_done[14] upcoming handshake states: client certificate11 upcoming handshake states: client_key_exchange[16] upcoming handshake states: certificate_verify15 upcoming handshake states: client change_cipher_spec[-1] upcoming handshake states: client finished[20] upcoming handshake states: server change_cipher_spec[-1] upcoming handshake states: server finished[20] main, READ: TLSv1.2 Handshake, length = 1848 check handshake state: certificate[11] update handshake state: certificate[11] upcoming handshake states: server_key_exchange12 upcoming handshake states: certificate_request13 upcoming handshake states: server_hello_done[14] upcoming handshake states: client certificate11 upcoming handshake states: client_key_exchange[16] upcoming handshake states: certificate_verify15 upcoming handshake states: client change_cipher_spec[-1] upcoming handshake states: client finished[20] upcoming handshake states: server change_cipher_spec[-1] upcoming handshake states: server finished[20] *** Certificate chain chain [0] = [ [ Version: V3 Subject: CN=nvd.nist.gov, OU=OISM, O=National Institute of Standards and Technology, L=Gaithersburg, ST=Maryland, C=US Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

Key: Sun RSA public key, 2048 bits modulus: 25594131913523496269060106854058710862271807885319681561717432942227804823065213261843410825792111480028220117311241746329220057864785509365746789780684305819380045327053243185208622996569201479685584358510160754238783775675270644560338585854642025878998876813767822670954192728522045875806355789685214427179763218263396224440605358504234708122982076882063647525476512005136355621464088528831559829645075648095586656866610271475010275079179936417438084657532818410068168523619359655398268513366099695311860079370582876462042495884356375893429602824463957752597162173950993144281331568953239041424491431754573761567479 public exponent: 65537 Validity: [From: Tue Nov 13 19:00:00 EST 2018, To: Fri Nov 15 07:00:00 EST 2019] Issuer: CN=DigiCert SHA2 Secure Server CA, O=DigiCert Inc, C=US SerialNumber: [ 09ab1da2 a73d123c 4dc06804 965e740c]

Certificate Extensions: 10 [1]: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false Extension unknown: DER encoded OCTET string = 0000: 04 81 F4 04 81 F1 00 EF 00 76 00 A4 B9 09 90 B4 …v… 0010: 18 58 14 87 BB 13 A2 CC 67 70 0A 3C 35 98 04 F9 .X…gp.<5… 0020: 1B DF B8 E3 77 CD 0E C8 0D DC 10 00 00 01 67 14 …w…g. 0030: 23 9D E9 00 00 04 03 00 47 30 45 02 21 00 C8 69 #…G0E.!..i 0040: 57 C6 67 EF E4 D1 A0 0A 2A 38 8F 7D 61 93 E4 BB W.g…8…a… 0050: 1E 6C D7 37 07 B1 FA 43 D7 68 0C B8 B0 F3 02 20 .l.7…C.h… 0060: 43 18 93 31 85 4A 33 F1 24 5C 78 42 88 43 A4 C9 C…1.J3.$\xB.C… 0070: 71 25 9C 89 B9 EF ED 9C 17 A9 6E DA 22 D8 DE 9F q%…n."… 0080: 00 75 00 87 75 BF E7 59 7C F8 8C 43 99 5F BD F3 .u…u…Y…C._… 0090: 6E FF 56 8D 47 56 36 FF 4A B5 60 C1 B4 EA FF 5E n.V.GV6.J.`…^ 00A0: A0 83 0F 00 00 01 67 14 23 9E C4 00 00 04 03 00 …g.#… 00B0: 46 30 44 02 20 5C 3D 6C A8 2B 7D 91 66 F9 5C 84 F0D. =l.+…f.. 00C0: 91 42 89 16 5E F4 19 37 4B B8 47 3E 2A C5 93 18 .B…^…7K.G>… 00D0: BC 20 29 FF 59 02 20 5E 1E FE BB AD 71 E5 D9 37 . ).Y. ^…q…7 00E0: 85 E4 E4 7B 89 D1 0C 2B 48 61 74 DD 8A 08 4E C5 …+Hat…N. 00F0: 27 1F 92 82 23 75 D8 '…#u.

[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false AuthorityInfoAccess [ [ accessMethod: ocsp accessLocation: URIName: http://ocsp.digicert.com

accessMethod: caIssuers accessLocation: URIName: http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt ] ]

[3]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 0F 80 61 1C 82 31 61 D5 2F 28 E7 8D 46 38 B4 2C …a…1a./(…F8., 0010: E1 C6 D9 E2 … ] ]

[4]: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:false PathLen: undefined ]

[5]: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl3.digicert.com/ssca-sha2-g6.crl] , DistributionPoint: [URIName: http://crl4.digicert.com/ssca-sha2-g6.crl] ]]

[6]: ObjectId: 2.5.29.32 Criticality=false CertificatePolicies [ [CertificatePolicyId: [2.16.840.1.114412.1.1] [PolicyQualifierInfo: [ qualifierID: 1.3.6.1.5.5.7.2.1 qualifier: 0000: 16 1C 68 74 74 70 73 3A 2F 2F 77 77 77 2E 64 69 …https://www.di 0010: 67 69 63 65 72 74 2E 63 6F 6D 2F 43 50 53 gicert.com/CPS

]] ] [CertificatePolicyId: [2.23.140.1.2.2] [] ] ]

[7]: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ serverAuth clientAuth ]

[8]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ DigitalSignature Key_Encipherment ]

[9]: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [ DNSName: nvd.nist.gov DNSName: icat.nist.gov DNSName: web.nvd.nist.gov DNSName: static.nvd.nist.gov DNSName: services.nvd.nist.gov DNSName: checklists.nist.gov DNSName: scap.nist.gov DNSName: beacon.nist.gov DNSName: usgcb.nist.gov DNSName: fdcc.nist.gov DNSName: csrc.nist.gov DNSName: sbc.nist.gov DNSName: scrm.nist.gov DNSName: auth.nvd.nist.gov ]

[10]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 62 59 02 40 6B E1 DC 30 2B AB 72 A3 CD 1F C2 7B bY.@k…0+.r… 0010: 37 25 E2 80 7%… ] ]

] Algorithm: [SHA256withRSA] Signature: 0000: 54 E5 0F B1 8F 66 FC 0C A3 DD E8 5B 6B 65 AF 73 T…f…[ke.s 0010: B6 56 21 E7 B6 B8 24 0B 1E B1 EF 54 B9 FB 9C B2 .V!..$…T… 0020: A4 B8 18 F6 E3 8C F0 22 BC B6 3E 59 3D 2B E4 AD …“…>Y=+… 0030: 9A 01 88 3E F0 E7 EB 38 C2 66 4A 57 D4 F7 E8 ED …>…8.fJW… 0040: 30 ED A2 59 54 DE 54 0E 4F D3 03 2C 18 C5 77 B0 0…YT.T.O…,…w. 0050: F2 09 A9 DE F8 73 F3 7E 24 2A 33 CB D1 31 17 D4 …s…$*3…1… 0060: 62 CE 1E BC C4 DC E8 38 A5 27 C9 BC B8 E2 FC 00 b…8.'… 0070: AA E6 B4 77 14 C8 51 99 46 A9 E0 DA 1B EA 79 4D …w…Q.F…yM 0080: 3F A3 FB 74 71 01 E8 29 2D 58 4A B9 82 1C 30 39 ?..tq…)-XJ…09 0090: 2C EB C5 5B 00 28 20 C5 C5 E2 10 C0 40 AD 84 81 ,…[.( …@… 00A0: D6 0F BB 07 93 0D 4E E9 22 DE F1 63 15 3D 92 DE …N.”…c.=… 00B0: 56 D2 25 5A 96 66 27 4C D6 9E 7B 69 CF 77 FF 6C V.%Z.f’L…i.w.l 00C0: BB EB 93 51 B7 88 76 B3 B0 7B 75 79 8E ED AF 2D …Q…v…uy…- 00D0: 88 5B 36 07 59 31 29 CA A8 1C D3 29 EF 49 14 10 .[6.Y1)…).I… 00E0: 26 F9 7B 71 37 EF 94 5A 3C 38 D5 6E 38 3D 85 69 &…q7…Z<8.n8=.i 00F0: C9 0C 1A B0 B2 FC F8 A7 D9 0A 58 3A 1A A5 7E B7 …X:…

]


%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384] main, SEND TLSv1.2 ALERT: fatal, description = certificate_unknown main, WRITE: TLSv1.2 Alert, length = 2 main, called closeSocket() main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(Unknown Source) at sun.security.validator.PKIXValidator.engineValidate(Unknown Source) at sun.security.validator.Validator.validate(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source) at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source) at sun.security.ssl.Handshaker.processLoop(Unknown Source) at sun.security.ssl.Handshaker.process_record(Unknown Source) at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source) at sun.security.ssl.AppOutputStream.write(Unknown Source) at sun.security.ssl.AppOutputStream.write(Unknown Source) at SSLPoke.main(SSLPoke.java:31) Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(Unknown Source) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source) at java.security.cert.CertPathBuilder.build(Unknown Source) … 16 more`

Exception from within Ant Build:

[dependency-check] Begin Engine Version Check [dependency-check] Last checked: 1569771061 [dependency-check] Now: 1569773680 [dependency-check] Current version: 5.2.1 [dependency-check] Upgrade not needed Finding class org.owasp.dependencycheck.data.update.RetireJSDataSource Loaded from D:\MyPrograms\dependency-check-ant\lib\dependency-check-core-5.2.1.jar org/owasp/dependencycheck/data/update/RetireJSDataSource.class Class org.owasp.dependencycheck.data.update.RetireJSDataSource loaded from ant loader (parentFirst) [dependency-check] Settings.getDataFile() - file: 'D:\MyPrograms\dependency-check-ant\data\4.0' [dependency-check] Last updated: 1569771062607 [dependency-check] Now: 1569773680248 [dependency-check] Skipping RetireJS update since last update was within 24 hours. [dependency-check] Lock released ([main, b32b5cae0b931e66f4bff5a7a83a4fd0, 2019-09-29 12:14:40.252]) {} @ {} [dependency-check] Unable to update 1 or more Cached Web DataSource, using local data instead. Results may not include recent vulnerabilities. [dependency-check] Update Error UpdateException: org.owasp.dependencycheck.data.update.exception.UpdateException: Unable to download meta file: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.meta at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile(NvdCveUpdater.java:347) at org.owasp.dependencycheck.data.update.NvdCveUpdater.getUpdatesNeeded(NvdCveUpdater.java:385) at org.owasp.dependencycheck.data.update.NvdCveUpdater.update(NvdCveUpdater.java:122) at org.owasp.dependencycheck.Engine.doUpdates(Engine.java:922) at org.owasp.dependencycheck.Engine.initializeAndUpdateDatabase(Engine.java:723) at org.owasp.dependencycheck.Engine.analyzeDependencies(Engine.java:653) at org.owasp.dependencycheck.taskdefs.Check.callExecuteAnalysis(Check.java:1581) at org.owasp.dependencycheck.taskdefs.Check.execute(Check.java:1540) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:292) at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:99) at org.apache.tools.ant.Task.perform(Task.java:350) at org.apache.tools.ant.Target.execute(Target.java:449) at org.apache.tools.ant.Target.performTasks(Target.java:470) at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1391) at org.apache.tools.ant.Project.executeTarget(Project.java:1364) at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(DefaultExecutor.java:41) at org.apache.tools.ant.Project.executeTargets(Project.java:1254) at org.apache.tools.ant.Main.runBuild(Main.java:830) at org.apache.tools.ant.Main.startAnt(Main.java:223) at org.apache.tools.ant.launch.Launcher.run(Launcher.java:284) at org.apache.tools.ant.launch.Launcher.main(Launcher.java:101) Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Download failed, unable to retrieve 'https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.meta' at org.owasp.dependencycheck.utils.Downloader.fetchContent(Downloader.java:115) at org.owasp.dependencycheck.data.update.NvdCveUpdater.getMetaFile(NvdCveUpdater.java:340) ... 23 more Caused by: org.owasp.dependencycheck.utils.DownloadFailedException: Error downloading file https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-modified.meta; unable to connect. at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection(HttpResourceConnection.java:238) at org.owasp.dependencycheck.utils.HttpResourceConnection.fetch(HttpResourceConnection.java:138) at org.owasp.dependencycheck.utils.Downloader.fetchContent(Downloader.java:110) ... 24 more Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316) at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1639) at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:223) at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037) at sun.security.ssl.Handshaker.process_record(Handshaker.java:965) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1064) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1367) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1395) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1379) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:167) at org.owasp.dependencycheck.utils.HttpResourceConnection.obtainConnection(HttpResourceConnection.java:178) ... 26 more Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) at sun.security.validator.Validator.validate(Validator.java:262) at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:330) at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:237) at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:132) at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1621) ... 37 more Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392) ... 43 more

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Reactions:7
  • Comments:28 (1 by maintainers)

github_iconTop GitHub Comments

14reactions
stevespringettcommented, Sep 30, 2019

Response from NVD:

Good morning,

Thank you for reporting this to the NVD, we are aware of the problem and are currently working on a resolution. We apologize for the inconvenience.

V/r, National Vulnerability Database Team mailto:nvd@nist.gov

7reactions
markdenihancommented, Sep 30, 2019

Workaround (from stevespringett/nist-data-mirror#38)

Update your Java Options to contain:

export _JAVA_OPTIONS="-Dcom.sun.security.enableAIAcaIssuers=true"
Read more comments on GitHub >

github_iconTop Results From Across the Web

Facing the SSLHandshakeException while running the ...
This error generally means that your JVM cannot create a secure (https) connection to the server nvd.nist.gov because it does not trust the ......
Read more >
CVE-2022-3786 Detail - NVD
Current Description. A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking.
Read more >
Build failed in Jenkins: ZooKeeper-trunk-owasp #500
Build failed in Jenkins: ZooKeeper-trunk-owasp #500 ... SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.
Read more >
PKIX path validation failed: java.security.cert ... - Search
Mapping Task using Rest V2 as source connection to read data from REST endpoint are failing with the error: [ERROR] javax.net.ssl.
Read more >
Javarevisited: How to Fix javax.net.ssl.SSLHandshakeException
The reason of this error is simple, certificates returned by the Server during SSL handshake are not signed by any trusted Certification Authority(CA)...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found