vega
#1 Posted: 28 October 2015 15:03:39 (UTC)
Two-way authentication is configured. csptest shows the dialog asking for the key password, but authentication fails. Wireshark shows that no request for the CRL is made to the CA server. What could be the cause? I tried JCP 2.0 builds 38150 and 38481 on Java 7 and Java 8. Here is the tomcat log at level ALL:

Code:

28-Oct-2015 14:48:07.983 FINE [http-nio-443-exec-2] ru.CryptoPro.ssl.m.a %% Certificate message:
------
  Subject: C=RU, O=Client, CN=Client2, EMAILADDRESS=client2@client.ru
  Valid from Wed Oct 28 13:03:25 MSK 2015 until Thu Jan 28 13:13:25 MSK 2016
------
28-Oct-2015 14:48:07.983 FINER [http-nio-443-exec-2] ru.CryptoPro.ssl.w.<init> Validator() count of trusted certificates: 2
28-Oct-2015 14:48:07.994 FINER [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a Count of certificates to be checked: 1 (is server chain: false)
28-Oct-2015 14:48:07.994 FINER [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a Build a certificate chain using following certificates(length: 1)
28-Oct-2015 14:48:07.994 FINER [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a Certificate #0
	serial number: 120009cee1f047666888ab1a4c00000009cee1
	subject: C=RU, O=Client, CN=Client2, EMAILADDRESS=client2@client.ru
	issuer: CN=CRYPTO-PRO Test Center 2, O=CRYPTO-PRO LLC, L=Moscow, C=RU, EMAILADDRESS=support@cryptopro.ru
28-Oct-2015 14:48:07.994 FINER [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a Root certificate is NOT found.
28-Oct-2015 14:48:07.996 FINE [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a [PKIX] Signature provider: JCP
28-Oct-2015 14:48:07.996 FINE [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a [PKIX] Set some additional (intermediate) certificates
28-Oct-2015 14:48:07.996 FINE [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a [PKIX] parameters:
	com.sun.security.enableCRLDP=true
	com.ibm.security.enableCRLDP=false
28-Oct-2015 14:48:07.996 FINER [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a [PKIX] Revocation enabled: false
28-Oct-2015 14:48:08.096 FINE [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a [PKIX] Certificate chain was built (length: 2).
28-Oct-2015 14:48:08.096 FINE [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a [PKIX] Online verification is enabled.
28-Oct-2015 14:48:08.111 FINE [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a [PKIX] Offline verification is disabled. CRL timer is turned OFF.
28-Oct-2015 14:48:08.111 FINER [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a [PKIX] Revocation enabled: true
28-Oct-2015 14:48:08.133 FINE [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a THROW
 java.security.cert.CertPathValidatorException: Could not determine revocation status
	at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	at ru.CryptoPro.reprov.CPCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	at ru.CryptoPro.ssl.w.a(Unknown Source)
	at ru.CryptoPro.ssl.w.a(Unknown Source)
	at ru.CryptoPro.ssl.g.checkClientTrusted(Unknown Source)
	at ru.CryptoPro.ssl.x.checkClientTrusted(Unknown Source)
	at ru.CryptoPro.ssl.m.a(Unknown Source)
	at ru.CryptoPro.ssl.m.a(Unknown Source)
	at ru.CryptoPro.ssl.f.o(Unknown Source)
	at ru.CryptoPro.ssl.U.a(Unknown Source)
	at ru.CryptoPro.ssl.U.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at ru.CryptoPro.ssl.c.run(Unknown Source)
	at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:301)
	at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:359)
	at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:208)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1476)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Unknown Source)

28-Oct-2015 14:48:08.133 SEVERE [http-nio-443-exec-2] ru.CryptoPro.ssl.SSLEngineImpl.a http-nio-443-exec-2, fatal error: 46: General SSLEngine problem

28-Oct-2015 14:48:08.133 SEVERE [http-nio-443-exec-2] ru.CryptoPro.ssl.SSLEngineImpl.a http-nio-443-exec-2, fatal error: 
 java.security.cert.CertificateException: [PKIX] a failure during check of the certificate chain
	at ru.CryptoPro.ssl.w.a(Unknown Source)
	at ru.CryptoPro.ssl.w.a(Unknown Source)
	at ru.CryptoPro.ssl.g.checkClientTrusted(Unknown Source)
	at ru.CryptoPro.ssl.x.checkClientTrusted(Unknown Source)
	at ru.CryptoPro.ssl.m.a(Unknown Source)
	at ru.CryptoPro.ssl.m.a(Unknown Source)
	at ru.CryptoPro.ssl.f.o(Unknown Source)
	at ru.CryptoPro.ssl.U.a(Unknown Source)
	at ru.CryptoPro.ssl.U.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at ru.CryptoPro.ssl.c.run(Unknown Source)
	at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:301)
	at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:359)
	at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:208)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1476)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertPathValidatorException: Could not determine revocation status
	at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	at ru.CryptoPro.reprov.CPCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	... 20 more

28-Oct-2015 14:48:08.134 SEVERE [http-nio-443-exec-2] ru.CryptoPro.ssl.SSLEngineImpl.a http-nio-443-exec-2, fatal error: 80: problem unwrapping net record

28-Oct-2015 14:48:08.134 SEVERE [http-nio-443-exec-2] ru.CryptoPro.ssl.SSLEngineImpl.a http-nio-443-exec-2, fatal error: 
 javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at ru.CryptoPro.ssl.f.u(Unknown Source)
	at ru.CryptoPro.ssl.SSLEngineImpl.d(Unknown Source)
	at ru.CryptoPro.ssl.SSLEngineImpl.c(Unknown Source)
	at ru.CryptoPro.ssl.SSLEngineImpl.wrap(Unknown Source)
	at javax.net.ssl.SSLEngine.wrap(Unknown Source)
	at org.apache.tomcat.util.net.SecureNioChannel.handshakeWrap(SecureNioChannel.java:317)
	at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:181)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1476)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at ru.CryptoPro.ssl.B.a(Unknown Source)
	at ru.CryptoPro.ssl.SSLEngineImpl.a(Unknown Source)
	at ru.CryptoPro.ssl.f.a(Unknown Source)
	at ru.CryptoPro.ssl.f.a(Unknown Source)
	at ru.CryptoPro.ssl.m.a(Unknown Source)
	at ru.CryptoPro.ssl.m.a(Unknown Source)
	at ru.CryptoPro.ssl.f.o(Unknown Source)
	at ru.CryptoPro.ssl.U.a(Unknown Source)
	at ru.CryptoPro.ssl.U.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at ru.CryptoPro.ssl.c.run(Unknown Source)
	at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:301)
	at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:359)
	at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:208)
	... 6 more
Caused by: java.security.cert.CertificateException: [PKIX] a failure during check of the certificate chain
	at ru.CryptoPro.ssl.w.a(Unknown Source)
	at ru.CryptoPro.ssl.w.a(Unknown Source)
	at ru.CryptoPro.ssl.g.checkClientTrusted(Unknown Source)
	at ru.CryptoPro.ssl.x.checkClientTrusted(Unknown Source)
	... 16 more
Caused by: java.security.cert.CertPathValidatorException: Could not determine revocation status
	at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	at ru.CryptoPro.reprov.CPCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	... 20 more

Edited by user 28 October 2015 15:24:08 (UTC) | Reason: not specified

Евгений Афанасьев (Status: Staff, From: Crypto-Pro)
#2 Posted: 28 October 2015 15:22:58 (UTC)
Try running with:
1) the JCPLogger logger enabled at level FINE
2) the argument -Djava.security.debug=certpath
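
Added example (not part of the thread and not CryptoPro code): with both settings on, the revocation-relevant facts are spread across hundreds of log lines, so this Python script folds multi-line records, groups them by Tomcat thread and reports the CRLDP switches, the CRL distribution point URLs, the CRL counts seen by the checker and the validation failure. The sample lines are constructed in the log format shown in this thread (thread exec-5 is invented as a passing case), and the verdict labels are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the Tomcat/JCP log quoted in this thread.
# Thread exec-2 mirrors the failing handshake; exec-5 is an invented passing one.
SAMPLE_LOG = """\
28-Oct-2015 15:31:27.354 FINE [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a [PKIX] parameters:
\tcom.sun.security.enableCRLDP=true
\tcom.ibm.security.enableCRLDP=false
28-Oct-2015 15:31:27.354 FINER [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a [PKIX] Revocation enabled: false
28-Oct-2015 15:31:27.363 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.u.engineBuild SunCertPathBuilder.engineBuild([
  Default Revocation Enabled: false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://testca.cryptopro.ru/CertEnroll/CRYPTO-PRO%20Test%20Center%202.crl]
]]
)
28-Oct-2015 15:31:27.400 FINER [http-nio-443-exec-5] ru.CryptoPro.ssl.w.a [PKIX] Revocation enabled: true
28-Oct-2015 15:31:27.485 FINER [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a [PKIX] Revocation enabled: true
28-Oct-2015 15:31:27.500 FINE [http-nio-443-exec-5] ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a CrlRevocationChecker.verifyRevocationStatus() crls.size() = 1
28-Oct-2015 15:31:27.536 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a CrlRevocationChecker.verifyRevocationStatus() crls.size() = 0
28-Oct-2015 15:31:27.536 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a CrlRevocationChecker.verifyRevocationStatus() approved crls.size() = 0
28-Oct-2015 15:31:27.548 FINE [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a THROW
 java.security.cert.CertPathValidatorException: Could not determine revocation status
\tat sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source)
"""

# "<date> <time> <LEVEL> [<thread>] <logger> <message>"
HEADER = re.compile(r"^(\d{2}-\w{3}-\d{4} [\d:.]+) (\w+) \[([^\]]+)\] (\S+) ?(.*)$")


def records(text):
    """Yield (thread, message); lines without a header are folded into the previous record."""
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            if current:
                yield tuple(current)
            current = [m.group(3), m.group(5)]
        elif current:
            current[1] += "\n" + line
    if current:
        yield tuple(current)


def summarize(text):
    """Collect the revocation-related facts per Tomcat worker thread."""
    out = defaultdict(lambda: {"crldp": {}, "revocation": None, "dp_urls": [],
                               "crl_counts": [], "failure": None})
    for thread, msg in records(text):
        s = out[thread]
        s["crldp"].update(re.findall(r"(com\.\w+\.security\.enableCRLDP)=(\w+)", msg))
        # Case-sensitive on purpose: "Default Revocation Enabled" in the
        # builder dump is a different parameter and must not be picked up.
        m = re.search(r"Revocation enabled: (true|false)", msg)
        if m:
            s["revocation"] = m.group(1) == "true"  # the last value wins
        for url in re.findall(r"CRLDistributionPoints \[.*?URIName: ([^\]\s]+)", msg, re.S):
            if url not in s["dp_urls"]:
                s["dp_urls"].append(url)
        s["crl_counts"] += [int(n) for n in
                            re.findall(r"(?<!approved )crls\.size\(\) = (\d+)", msg)]
        m = re.search(r"CertPathValidatorException: (.+)", msg)
        if m and s["failure"] is None:
            s["failure"] = m.group(1).strip()
    return dict(out)


def diagnose(s):
    """Map one thread's facts to a verdict label (labels are this example's own)."""
    if not s["revocation"]:
        return "revocation-not-checked"
    if s["failure"] is None:
        return "revocation-ok"
    if "revocation status" in s["failure"] and not any(s["crl_counts"]):
        crldp_on = s["crldp"].get("com.sun.security.enableCRLDP") == "true"
        # CRLDP is on and the certificate names a distribution point, yet the
        # checker held no CRL: the CRL was never obtained for this handshake.
        return "no-crl-despite-crldp" if crldp_on and s["dp_urls"] else "no-crl-source"
    return "other-failure"


def verdicts(text):
    return {thread: diagnose(s) for thread, s in summarize(text).items()}


if __name__ == "__main__":
    for thread, s in summarize(SAMPLE_LOG).items():
        print(thread, diagnose(s), s["dp_urls"], s["crl_counts"])
```
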
vega
#3 Posted: 28 October 2015 15:52:15 (UTC)
Done. Here is the full log: catalina.2015-10-28.log.online (116kb). An excerpt, starting from the sending of the client certificate:

Code:

28-Oct-2015 15:31:27.338 FINE [http-nio-443-exec-2] ru.CryptoPro.ssl.m.a %% Certificate message:
------
  Subject: C=RU, O=Client, CN=Client2, EMAILADDRESS=client2@client.ru
  Valid from Wed Oct 28 13:03:25 MSK 2015 until Thu Jan 28 13:13:25 MSK 2016
------
28-Oct-2015 15:31:27.339 FINER [http-nio-443-exec-2] ru.CryptoPro.ssl.w.<init> Validator() count of trusted certificates: 1
28-Oct-2015 15:31:27.339 FINE [http-nio-443-exec-2] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-443-exec-2] class: ru.CryptoPro.JCP.Sign.c, URL: file:/C:/Program%20Files/Java/jre7/lib/ext/JCP.jar
28-Oct-2015 15:31:27.339 FINE [http-nio-443-exec-2] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-443-exec-2] check URL: file:/C:/Program%20Files/Java/jre7/lib/ext/JCP.jar
28-Oct-2015 15:31:27.339 FINER [http-nio-443-exec-2] ru.CryptoPro.JCP.Sign.c.engineInitVerify ENTRY
28-Oct-2015 15:31:27.340 FINER [http-nio-443-exec-2] ru.CryptoPro.JCP.Sign.c.engineInitVerify RETURN
28-Oct-2015 15:31:27.340 FINER [http-nio-443-exec-2] ru.CryptoPro.JCP.Sign.c.engineVerify ENTRY
28-Oct-2015 15:31:27.349 FINER [http-nio-443-exec-2] ru.CryptoPro.JCP.Sign.c.engineVerify RETURN
28-Oct-2015 15:31:27.351 FINER [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a Count of certificates to be checked: 1 (is server chain: false)
28-Oct-2015 15:31:27.351 FINER [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a Build a certificate chain using following certificates(length: 1)
28-Oct-2015 15:31:27.352 FINER [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a Certificate #0
	serial number: 120009cee1f047666888ab1a4c00000009cee1
	subject: C=RU, O=Client, CN=Client2, EMAILADDRESS=client2@client.ru
	issuer: CN=CRYPTO-PRO Test Center 2, O=CRYPTO-PRO LLC, L=Moscow, C=RU, EMAILADDRESS=support@cryptopro.ru
28-Oct-2015 15:31:27.352 FINER [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a Root certificate is NOT found.
28-Oct-2015 15:31:27.353 FINE [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a [PKIX] Signature provider: JCP
28-Oct-2015 15:31:27.353 FINE [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a [PKIX] Set some additional (intermediate) certificates
28-Oct-2015 15:31:27.354 FINE [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a [PKIX] parameters:
	com.sun.security.enableCRLDP=true
	com.ibm.security.enableCRLDP=false
28-Oct-2015 15:31:27.354 FINER [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a [PKIX] Revocation enabled: false
28-Oct-2015 15:31:27.363 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.u.engineBuild SunCertPathBuilder.engineBuild([
[
  Trust Anchors: [[
  Trusted CA cert: [
[
  Version: V3
  Subject: CN=CRYPTO-PRO Test Center 2, O=CRYPTO-PRO LLC, L=Moscow, C=RU, EMAILADDRESS=support@cryptopro.ru
  Signature Algorithm: 1.2.643.2.2.3, OID = 1.2.643.2.2.3

  Key:  ru.CryptoPro.JCP.Key.GostPublicKey
  Validity: [From: Tue Aug 05 17:44:24 MSK 2014,
               To: Mon Aug 05 16:54:03 MSK 2019]
  Issuer: CN=CRYPTO-PRO Test Center 2, O=CRYPTO-PRO LLC, L=Moscow, C=RU, EMAILADDRESS=support@cryptopro.ru
  SerialNumber: [    2b6e3351 fd6eb2ad 48200203 cb5ba141]

Certificate Extensions: 4
[1]: ObjectId: 1.3.6.1.4.1.311.21.1 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 03 02 01 00                                     .....


[2]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

[3]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
  DigitalSignature
  Key_CertSign
  Crl_Sign
]

[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 15 31 7C B0 8D 1A DE 66   D7 15 9C 49 52 97 17 24  .1.....f...IR..$
0010: B9 01 7A 83                                        ..z.
]
]

]
  Algorithm: [1.2.643.2.2.3]
  Signature:
0000: D8 CA 1C 4B E9 61 20 65   47 2C D5 C8 EA 38 88 DE  ...K.a eG,...8..
0010: CD EC 71 C8 45 BF BF 9C   E5 DE FF 55 5A 77 24 99  ..q.E......UZw$.
0020: ED E0 B9 22 D1 AB E7 F7   4F E6 D0 6F 7B 8F 5A 2A  ..."....O..o..Z*
0030: E3 4E E9 64 0D 90 50 32   C1 F1 E3 B4 49 12 57 D5  .N.d..P2....I.W.

]
]
  Initial Policy OIDs: any
  Validity Date: null
  Signature Provider: JCP
  Default Revocation Enabled: false
  Explicit Policy Required: false
  Policy Mapping Inhibited: false
  Any Policy Inhibited: false
  Policy Qualifiers Rejected: true
  Target Cert Constraints: X509CertSelector: [
  Certificate: [
[
  Version: V3
  Subject: C=RU, O=Client, CN=Client2, EMAILADDRESS=client2@client.ru
  Signature Algorithm: 1.2.643.2.2.3, OID = 1.2.643.2.2.3

  Key:  ru.CryptoPro.JCP.Key.GostPublicKey
  Validity: [From: Wed Oct 28 13:03:25 MSK 2015,
               To: Thu Jan 28 13:13:25 MSK 2016]
  Issuer: CN=CRYPTO-PRO Test Center 2, O=CRYPTO-PRO LLC, L=Moscow, C=RU, EMAILADDRESS=support@cryptopro.ru
  SerialNumber: [    120009ce e1f04766 6888ab1a 4c000000 09cee1]

Certificate Extensions: 6
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: caIssuers
   accessLocation: URIName: http://testca.cryptopro.ru/CertEnroll/test-ca-2014_CRYPTO-PRO%20Test%20Center%202.crt
, 
   accessMethod: ocsp
   accessLocation: URIName: http://testca.cryptopro.ru/ocsp/ocsp.srf
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 15 31 7C B0 8D 1A DE 66   D7 15 9C 49 52 97 17 24  .1.....f...IR..$
0010: B9 01 7A 83                                        ..z.
]
]

[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://testca.cryptopro.ru/CertEnroll/CRYPTO-PRO%20Test%20Center%202.crl]
]]

[4]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  clientAuth
]

[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Non_repudiation
  Key_Encipherment
  Data_Encipherment
]

[6]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 66 AA A4 47 2E 7E F9 E8   50 01 69 C4 2F 54 E4 C3  f..G....P.i./T..
0010: D2 CD 8B D5                                        ....
]
]

]
  Algorithm: [1.2.643.2.2.3]
  Signature:
0000: 09 41 EB 59 5B 4A 78 A2   30 7A 82 6C 83 1A 82 5B  .A.Y[Jx.0z.l...[
0010: 35 6C 74 DB F3 69 3B 46   D7 B4 5B D7 A6 09 DA 80  5lt..i;F..[.....
0020: AD 6E 41 C0 F3 41 21 2D   69 2A 16 4F 5A DE 94 2A  .nA..A!-i*.OZ..*
0030: 0A 82 D9 B0 CF 73 E4 1F   EF 84 2C 63 D0 D8 DE 14  .....s....,c....

]
  matchAllSubjectAltNames flag: true
]
  Certification Path Checkers: [[]]
  CertStores: [[java.security.cert.CertStore@1cdd0d8f, java.security.cert.CertStore@74a53616]]
]  Maximum Path Length: 5
]
)
28-Oct-2015 15:31:27.386 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.u.a SunCertPathBuilder.buildForward()...
28-Oct-2015 15:31:27.409 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.u.a SunCertPathBuilder.depthFirstSearchForward(C=RU, O=Client, CN=Client2, EMAILADDRESS=client2@client.ru, State [
  issuerDN of last cert: null
  traversedCACerts: 0
  init: true
  keyParamsNeeded: false
  subjectNamesTraversed: 
[]]
)
28-Oct-2015 15:31:27.409 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.p.a ForwardBuilder.getMatchingCerts()...
28-Oct-2015 15:31:27.409 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.p.a ForwardBuilder.getMatchingEECerts()...
28-Oct-2015 15:31:27.427 FINER [http-nio-443-exec-2] ru.CryptoPro.JCP.Key.GostKeyFactory.engineGeneratePublic ENTRY
28-Oct-2015 15:31:27.428 FINER [http-nio-443-exec-2] ru.CryptoPro.JCP.Key.GostPublicKey.decode ENTRY
28-Oct-2015 15:31:27.431 FINER [http-nio-443-exec-2] ru.CryptoPro.JCP.Key.GostPublicKey.decode RETURN
28-Oct-2015 15:31:27.431 FINER [http-nio-443-exec-2] ru.CryptoPro.JCP.Key.GostKeyFactory.engineGeneratePublic RETURN
28-Oct-2015 15:31:27.448 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.E.a Builder.addMatchingCerts: adding target cert
28-Oct-2015 15:31:27.448 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.p.b ForwardBuilder.getMatchingCACerts()...
28-Oct-2015 15:31:27.448 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.p.b ForwardBuilder.getMatchingCACerts(): ca is target
28-Oct-2015 15:31:27.448 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.p.b ForwardBuilder.getMatchingCACerts: found 0 CA certs
28-Oct-2015 15:31:27.449 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.u.a SunCertPathBuilder.depthFirstSearchForward(): certs.size=1
28-Oct-2015 15:31:27.450 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.p.a ForwardBuilder.verifyCert(SN: 401416751108960865055079732699384830172450529
  Issuer: CN=CRYPTO-PRO Test Center 2, O=CRYPTO-PRO LLC, L=Moscow, C=RU, EMAILADDRESS=support@cryptopro.ru)
  Subject: C=RU, O=Client, CN=Client2, EMAILADDRESS=client2@client.ru)
28-Oct-2015 15:31:27.452 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.u.a SunCertPathBuilder.depthFirstSearchForward(CN=CRYPTO-PRO Test Center 2, O=CRYPTO-PRO LLC, L=Moscow, C=RU, EMAILADDRESS=support@cryptopro.ru, State [
  issuerDN of last cert: CN=CRYPTO-PRO Test Center 2, O=CRYPTO-PRO LLC, L=Moscow, C=RU, EMAILADDRESS=support@cryptopro.ru
  traversedCACerts: 0
  init: false
  keyParamsNeeded: false
  subjectNamesTraversed: 
[C=RU, O=Client, CN=Client2, EMAILADDRESS=client2@client.ru]]
)
28-Oct-2015 15:31:27.452 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.p.a ForwardBuilder.getMatchingCerts()...
28-Oct-2015 15:31:27.452 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.p.b ForwardBuilder.getMatchingCACerts()...
28-Oct-2015 15:31:27.454 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.p.b ForwardBuilder.getMatchingCACerts: found matching trust anchor
28-Oct-2015 15:31:27.454 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.u.a SunCertPathBuilder.depthFirstSearchForward(): certs.size=1
28-Oct-2015 15:31:27.454 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.p.a ForwardBuilder.verifyCert(SN: 57728997371994696567280767905637835073
  Issuer: CN=CRYPTO-PRO Test Center 2, O=CRYPTO-PRO LLC, L=Moscow, C=RU, EMAILADDRESS=support@cryptopro.ru)
  Subject: CN=CRYPTO-PRO Test Center 2, O=CRYPTO-PRO LLC, L=Moscow, C=RU, EMAILADDRESS=support@cryptopro.ru)
28-Oct-2015 15:31:27.454 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.p.a policyMappingFound = false
28-Oct-2015 15:31:27.455 FINE [http-nio-443-exec-2] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-443-exec-2] class: ru.CryptoPro.JCP.Sign.c, URL: file:/C:/Program%20Files/Java/jre7/lib/ext/JCP.jar
28-Oct-2015 15:31:27.455 FINE [http-nio-443-exec-2] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-443-exec-2] check URL: file:/C:/Program%20Files/Java/jre7/lib/ext/JCP.jar
28-Oct-2015 15:31:27.455 FINER [http-nio-443-exec-2] ru.CryptoPro.JCP.Sign.c.engineInitVerify ENTRY
28-Oct-2015 15:31:27.455 FINER [http-nio-443-exec-2] ru.CryptoPro.JCP.Sign.c.engineInitVerify RETURN
28-Oct-2015 15:31:27.455 FINER [http-nio-443-exec-2] ru.CryptoPro.JCP.Sign.c.engineVerify ENTRY
28-Oct-2015 15:31:27.464 FINER [http-nio-443-exec-2] ru.CryptoPro.JCP.Sign.c.engineVerify RETURN
28-Oct-2015 15:31:27.464 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.u.a SunCertPathBuilder.depthFirstSearchForward(): commencing final verification
28-Oct-2015 15:31:27.467 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.u.a current subject = C=RU, O=Client, CN=Client2, EMAILADDRESS=client2@client.ru
28-Oct-2015 15:31:27.467 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.s.a PolicyChecker.checkPolicy() ---checking certificate policies...
28-Oct-2015 15:31:27.467 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.s.a PolicyChecker.checkPolicy() certIndex = 1
28-Oct-2015 15:31:27.467 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.s.a PolicyChecker.checkPolicy() BEFORE PROCESSING: explicitPolicy = 2
28-Oct-2015 15:31:27.467 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.s.a PolicyChecker.checkPolicy() BEFORE PROCESSING: policyMapping = 2
28-Oct-2015 15:31:27.467 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.s.a PolicyChecker.checkPolicy() BEFORE PROCESSING: inhibitAnyPolicy = 2
28-Oct-2015 15:31:27.467 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.s.a PolicyChecker.checkPolicy() BEFORE PROCESSING: policyTree = anyPolicy  ROOT

28-Oct-2015 15:31:27.467 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.s.a PolicyChecker.processPolicies() no policies present in cert
28-Oct-2015 15:31:27.467 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.s.a PolicyChecker.checkPolicy() AFTER PROCESSING: explicitPolicy = 2
28-Oct-2015 15:31:27.467 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.s.a PolicyChecker.checkPolicy() AFTER PROCESSING: policyMapping = 2
28-Oct-2015 15:31:27.468 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.s.a PolicyChecker.checkPolicy() AFTER PROCESSING: inhibitAnyPolicy = 2
28-Oct-2015 15:31:27.468 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.s.a PolicyChecker.checkPolicy() AFTER PROCESSING: policyTree = null
28-Oct-2015 15:31:27.468 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.s.a PolicyChecker.checkPolicy() certificate policies verified
28-Oct-2015 15:31:27.468 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.u.a SunCertPathBuilder.depthFirstSearchForward(): final verification succeeded - path completed!
28-Oct-2015 15:31:27.468 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.u.a SunCertPathBuilder.engineBuild() pathCompleted
28-Oct-2015 15:31:27.470 FINE [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a [PKIX] Certificate chain was built (length: 2).
28-Oct-2015 15:31:27.471 CONFIG [http-nio-443-exec-2] ru.CryptoPro.JCP.pref.JCPPref.getBoolean User Preference Node: /ru/CryptoPro/ssl.Enable_revocation_default=true
28-Oct-2015 15:31:27.471 CONFIG [http-nio-443-exec-2] ru.CryptoPro.JCP.pref.JCPPref.getBoolean User Preference Node: /ru/CryptoPro/ssl.Enable_CRL_revocation_online_default=true
28-Oct-2015 15:31:27.471 CONFIG [http-nio-443-exec-2] ru.CryptoPro.JCP.pref.JCPPref.getBoolean User Preference Node: /ru/CryptoPro/ssl.Enable_CRL_revocation_offline_default=false
28-Oct-2015 15:31:27.471 FINE [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a [PKIX] Online verification is enabled.
28-Oct-2015 15:31:27.485 FINE [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a [PKIX] Offline verification is disabled. CRL timer is turned OFF.
28-Oct-2015 15:31:27.485 FINER [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a [PKIX] Revocation enabled: true
28-Oct-2015 15:31:27.525 FINE [http-nio-443-exec-2] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-443-exec-2] class: ru.CryptoPro.JCP.Sign.c, URL: file:/C:/Program%20Files/Java/jre7/lib/ext/JCP.jar
28-Oct-2015 15:31:27.525 FINE [http-nio-443-exec-2] ru.CryptoPro.JCP.tools.SelfTester.checkClass [http-nio-443-exec-2] check URL: file:/C:/Program%20Files/Java/jre7/lib/ext/JCP.jar
28-Oct-2015 15:31:27.525 FINER [http-nio-443-exec-2] ru.CryptoPro.JCP.Sign.c.engineInitVerify ENTRY
28-Oct-2015 15:31:27.526 FINER [http-nio-443-exec-2] ru.CryptoPro.JCP.Sign.c.engineInitVerify RETURN
28-Oct-2015 15:31:27.526 FINER [http-nio-443-exec-2] ru.CryptoPro.JCP.Sign.c.engineVerify ENTRY
28-Oct-2015 15:31:27.533 FINER [http-nio-443-exec-2] ru.CryptoPro.JCP.Sign.c.engineVerify RETURN
28-Oct-2015 15:31:27.533 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a CrlRevocationChecker.verifyRevocationStatus() ---checking revocation status...
28-Oct-2015 15:31:27.536 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a CrlRevocationChecker.verifyRevocationStatus() crls.size() = 0
28-Oct-2015 15:31:27.536 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a CrlRevocationChecker.verifyRevocationStatus() approved crls.size() = 0
28-Oct-2015 15:31:27.536 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a CrlRevocationChecker.verifyWithSeparateSigningKey() ---checking revocation status...
28-Oct-2015 15:31:27.536 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a CrlRevocationChecker.buildToNewKey() starting work
28-Oct-2015 15:31:27.537 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a CrlRevocationChecker.buildToNewKey() about to try build ...
28-Oct-2015 15:31:27.541 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.z.match RejectCertSelector.match: returning true
28-Oct-2015 15:31:27.543 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a CrlRevocationChecker.buildToNewKey() about to check revocation ...
28-Oct-2015 15:31:27.543 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a CrlRevocationChecker.buildToNewKey() got key ru.CryptoPro.JCP.Key.GostPublicKey
28-Oct-2015 15:31:27.543 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a CrlRevocationChecker.verifyRevocationStatus() ---checking revocation status...
28-Oct-2015 15:31:27.543 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a CrlRevocationChecker.verifyRevocationStatus() crls.size() = 0
28-Oct-2015 15:31:27.543 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a CrlRevocationChecker.verifyRevocationStatus() approved crls.size() = 0
28-Oct-2015 15:31:27.544 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.CrlRevocationChecker.a CrlRevocationChecker.buildToNewKey() about to try build ...
28-Oct-2015 15:31:27.546 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.z.match RejectCertSelector.match: bad key
28-Oct-2015 15:31:27.546 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.z.match RejectCertSelector.match: bad key
28-Oct-2015 15:31:27.546 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.z.match RejectCertSelector.match: bad key
28-Oct-2015 15:31:27.546 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.z.match RejectCertSelector.match: bad key
28-Oct-2015 15:31:27.547 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.z.match RejectCertSelector.match: bad key
28-Oct-2015 15:31:27.548 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.z.match RejectCertSelector.match: bad key
28-Oct-2015 15:31:27.548 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.z.match RejectCertSelector.match: bad key
28-Oct-2015 15:31:27.548 FINE [http-nio-443-exec-2] ru.CryptoPro.reprov.certpath.z.match RejectCertSelector.match: bad key
28-Oct-2015 15:31:27.548 FINE [http-nio-443-exec-2] ru.CryptoPro.ssl.w.a THROW
 java.security.cert.CertPathValidatorException: Could not determine revocation status
	at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	at ru.CryptoPro.reprov.CPCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	at ru.CryptoPro.ssl.w.a(Unknown Source)
	at ru.CryptoPro.ssl.w.a(Unknown Source)
	at ru.CryptoPro.ssl.g.checkClientTrusted(Unknown Source)
	at ru.CryptoPro.ssl.x.checkClientTrusted(Unknown Source)
	at ru.CryptoPro.ssl.m.a(Unknown Source)
	at ru.CryptoPro.ssl.m.a(Unknown Source)
	at ru.CryptoPro.ssl.f.o(Unknown Source)
	at ru.CryptoPro.ssl.U.a(Unknown Source)
	at ru.CryptoPro.ssl.U.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at ru.CryptoPro.ssl.c.run(Unknown Source)
	at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:301)
	at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:359)
	at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:208)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1476)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Unknown Source)

28-Oct-2015 15:31:27.549 SEVERE [http-nio-443-exec-2] ru.CryptoPro.ssl.SSLEngineImpl.a http-nio-443-exec-2, fatal error: 46: General SSLEngine problem

28-Oct-2015 15:31:27.549 SEVERE [http-nio-443-exec-2] ru.CryptoPro.ssl.SSLEngineImpl.a http-nio-443-exec-2, fatal error: 
 java.security.cert.CertificateException: [PKIX] a failure during check of the certificate chain
	at ru.CryptoPro.ssl.w.a(Unknown Source)
	at ru.CryptoPro.ssl.w.a(Unknown Source)
	at ru.CryptoPro.ssl.g.checkClientTrusted(Unknown Source)
	at ru.CryptoPro.ssl.x.checkClientTrusted(Unknown Source)
	at ru.CryptoPro.ssl.m.a(Unknown Source)
	at ru.CryptoPro.ssl.m.a(Unknown Source)
	at ru.CryptoPro.ssl.f.o(Unknown Source)
	at ru.CryptoPro.ssl.U.a(Unknown Source)
	at ru.CryptoPro.ssl.U.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at ru.CryptoPro.ssl.c.run(Unknown Source)
	at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:301)
	at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:359)
	at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:208)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1476)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Unknown Source)
Caused by: java.security.cert.CertPathValidatorException: Could not determine revocation status
	at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	at ru.CryptoPro.reprov.CPCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	... 20 more

28-Oct-2015 15:31:27.550 SEVERE [http-nio-443-exec-2] ru.CryptoPro.ssl.SSLEngineImpl.a http-nio-443-exec-2, fatal error: 80: problem unwrapping net record

28-Oct-2015 15:31:27.550 SEVERE [http-nio-443-exec-2] ru.CryptoPro.ssl.SSLEngineImpl.a http-nio-443-exec-2, fatal error: 
 javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at ru.CryptoPro.ssl.f.u(Unknown Source)
	at ru.CryptoPro.ssl.SSLEngineImpl.d(Unknown Source)
	at ru.CryptoPro.ssl.SSLEngineImpl.c(Unknown Source)
	at ru.CryptoPro.ssl.SSLEngineImpl.wrap(Unknown Source)
	at javax.net.ssl.SSLEngine.wrap(Unknown Source)
	at org.apache.tomcat.util.net.SecureNioChannel.handshakeWrap(SecureNioChannel.java:317)
	at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:181)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1476)
	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at ru.CryptoPro.ssl.B.a(Unknown Source)
	at ru.CryptoPro.ssl.SSLEngineImpl.a(Unknown Source)
	at ru.CryptoPro.ssl.f.a(Unknown Source)
	at ru.CryptoPro.ssl.f.a(Unknown Source)
	at ru.CryptoPro.ssl.m.a(Unknown Source)
	at ru.CryptoPro.ssl.m.a(Unknown Source)
	at ru.CryptoPro.ssl.f.o(Unknown Source)
	at ru.CryptoPro.ssl.U.a(Unknown Source)
	at ru.CryptoPro.ssl.U.run(Unknown Source)
	at java.security.AccessController.doPrivileged(Native Method)
	at ru.CryptoPro.ssl.c.run(Unknown Source)
	at org.apache.tomcat.util.net.SecureNioChannel.tasks(SecureNioChannel.java:301)
	at org.apache.tomcat.util.net.SecureNioChannel.handshakeUnwrap(SecureNioChannel.java:359)
	at org.apache.tomcat.util.net.SecureNioChannel.handshake(SecureNioChannel.java:208)
	... 6 more
Caused by: java.security.cert.CertificateException: [PKIX] a failure during check of the certificate chain
	at ru.CryptoPro.ssl.w.a(Unknown Source)
	at ru.CryptoPro.ssl.w.a(Unknown Source)
	at ru.CryptoPro.ssl.g.checkClientTrusted(Unknown Source)
	at ru.CryptoPro.ssl.x.checkClientTrusted(Unknown Source)
	... 16 more
Caused by: java.security.cert.CertPathValidatorException: Could not determine revocation status
	at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(Unknown Source)
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	at ru.CryptoPro.reprov.CPCertPathValidator.engineValidate(Unknown Source)
	at java.security.cert.CertPathValidator.validate(Unknown Source)
	... 20 more
catalina.2015-10-28.log.online (116kb) downloaded 2 time(s).
Offline Евгений Афанасьев
#4 Posted: 28 October 2015 17:09:26 (UTC)
Евгений Афанасьев

Status: Staff

Groups: Members
Registered: 06.12.2008(UTC)
Posts: 3,910
Russian Federation
From: CryptoPro

Said "Thanks": 20 times
Was thanked: 685 times in 646 posts
Is your trust store large? Perhaps it contains several CA certificates that are identical (in terms of issuer)? If so, then as an experiment try leaving only the one root certificate that definitely matches your client certificate.
vega
#5 Posted: 28 October 2015 17:14:49 (UTC)

It contains only one certificate, from the CryptoPro test CA. And it definitely matches the client certificate; I tried building the chain through the JCP Control Panel.
Евгений Афанасьев
#6 Posted: 28 October 2015 18:32:13 (UTC)

Which JCP version do you have?
vega
#7 Posted: 30 October 2015 5:36:18 (UTC)

In the first message I wrote: "Tried JCP 2.0 builds 38150 and 38481 on Java 7 and Java 8."

I found build 37748 on my machine; it does not work on that one either.
Евгений Афанасьев
#8 Posted: 30 October 2015 12:01:50 (UTC)

I tried Win 7, Tomcat 8.0.28, JRE 1.8.0_60, JCP 2.0.38481, with server and client certificates issued at https://www.cryptopro.ru/certsrv/ - could not reproduce it; on the server the client chain is validated successfully. What settings do you have on the "Server settings" tab in the JCP panel?
vega
#9 Posted: 2 November 2015 10:40:26 (UTC)

The settings are as follows:
JCP.png (23kb) downloaded 32 time(s).

And here a question came up. Tomcat runs as a Windows service under the LOCALSYSTEM account. Are the server settings on this tab per-user, or do they apply to everyone?


Евгений Афанасьев
#10 Posted: 2 November 2015 11:08:18 (UTC)

Strange that the check is being performed on your side even though it is disabled in the settings. According to your logs:
28-Oct-2015 15:31:27.471 CONFIG [http-nio-443-exec-2] ru.CryptoPro.JCP.pref.JCPPref.getBoolean User Preference Node: /ru/CryptoPro/ssl.Enable_revocation_default=true
28-Oct-2015 15:31:27.471 CONFIG [http-nio-443-exec-2] ru.CryptoPro.JCP.pref.JCPPref.getBoolean User Preference Node: /ru/CryptoPro/ssl.Enable_CRL_revocation_online_default=true

The service must run under the account in whose folder the containers are installed. The settings are per-user.
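The mismatch raised in post #10 (revocation switched off in the panel, yet the service process logging it as enabled) can be confirmed from the Tomcat log itself. The following is an added example, not code from the thread or from CryptoPro: it extracts the `JCPPref.getBoolean` CONFIG lines and the revocation failure, then compares them with the panel setting. The sample log is constructed from the lines quoted in this thread, and the function names are hypothetical.

```python
import re

# Constructed sample, assembled from the log lines quoted in this thread.
SAMPLE_LOG = """\
28-Oct-2015 15:31:27.471 CONFIG [http-nio-443-exec-2] ru.CryptoPro.JCP.pref.JCPPref.getBoolean User Preference Node: /ru/CryptoPro/ssl.Enable_revocation_default=true
28-Oct-2015 15:31:27.471 CONFIG [http-nio-443-exec-2] ru.CryptoPro.JCP.pref.JCPPref.getBoolean User Preference Node: /ru/CryptoPro/ssl.Enable_CRL_revocation_online_default=true
28-Oct-2015 15:31:27.549 SEVERE [http-nio-443-exec-2] ru.CryptoPro.ssl.SSLEngineImpl.a http-nio-443-exec-2, fatal error: 46: General SSLEngine problem
Caused by: java.security.cert.CertPathValidatorException: Could not determine revocation status
"""

# Only the "User" scope appears in the thread; matching any word as the
# scope is an assumption made for this example.
PREF_RE = re.compile(
    r"JCPPref\.getBoolean (?P<scope>\w+) Preference Node: "
    r"(?P<name>\S+?)=(?P<value>true|false)\s*$"
)
REVOCATION_FAILURE = "CertPathValidatorException: Could not determine revocation status"


def effective_prefs(log_text):
    """Return {preference name: (scope, bool)} as read by the logging process.

    If a preference is logged more than once, the last value wins.
    """
    prefs = {}
    for line in log_text.splitlines():
        m = PREF_RE.search(line)
        if m:
            prefs[m["name"]] = (m["scope"], m["value"] == "true")
    return prefs


def diagnose(log_text, panel_revocation_enabled):
    """Compare the panel setting with what the service process actually read."""
    mismatches = [
        f"{scope} preference {name}={value}"
        for name, (scope, value) in sorted(effective_prefs(log_text).items())
        if "revocation" in name.lower() and value != panel_revocation_enabled
    ]
    return {
        "revocation_failed": REVOCATION_FAILURE in log_text,
        "mismatches": mismatches,
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG, panel_revocation_enabled=False))
```

A non-empty `mismatches` list with the `User` scope means the process that wrote the log read a different account's preferences than the one edited in the panel, which is the situation of a service running as LOCALSYSTEM.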