Ключевое слово в защите информации
КЛЮЧЕВОЕ СЛОВО
в защите информации
Получить ГОСТ TLS-сертификат для домена (SSL-сертификат)
Добро пожаловать, Гость! Чтобы использовать все возможности Вход или Регистрация.

Уведомление

Icon
Error

Опции
К последнему сообщению К первому непрочитанному
Offline Андрей Врагов  
#1 Оставлено : 16 июля 2019 г. 14:26:02(UTC)
Андрей Врагов

Статус: Участник

Группы: Участники
Зарегистрирован: 11.04.2017(UTC)
Сообщений: 25

Сказал(а) «Спасибо»: 1 раз
Добрый день!

Пытаюсь протестировать интерфейс внешних приложений Центра Регистрации с помощью SoapUI. Возникает масса вопросов по настройкам SoapUI.
1. Как настроить SoapUI на работу с российскими криптографическими алгоритмами, реализованными посредством КриптоПро JCP 2.0?
2. Как настроить Keystore, в котором хранится закрытый ключ и сертификат открытого ключа?
3. Как настроить Truststore, в котором хранится цепочка сертификатов корневого и промежуточного УЦ для проверки сертификата Web сервера, обслуживающего Web сервис.

Я настроил Outgoing WS-Security Configurations -> Encryption для sopaui'ого проекта, указав в качестве Keystore файл pkcs #12 (pfx). Key Identyfier Type пробовал использовать разные, но всегда получал ошибку на этапе handshake'инга:

Mon Jul 15 17:01:49 MSK 2019:ERROR:Exception in request: javax.net.ssl.SSLProtocolException: Server did not send a DH Server Key Exchange message

В трассе Wireshark'а вижу всегда только два два сообщения:

Запрос от клиента к серверу:

Transport Layer Security
TLSv1 Record Layer: Handshake Protocol: Client Hello
Content Type: Handshake (22)
Version: TLS 1.2 (0x0303)
Length: 228
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 224
Version: TLS 1.2 (0x0303)
Random: 5d2da007dc734d06245d9a3dc6d6edcb3e720a4b73b7904c…
GMT Unix Time: Jul 16, 2019 12:59:35.000000000 RTZ 2 (зима)
Random Bytes: dc734d06245d9a3dc6d6edcb3e720a4b73b7904c2839830e…
Session ID Length: 0
Cipher Suites Length: 86
Cipher Suites (43 suites)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 (0xc026)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 (0xc02a)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02e)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (0xc032)
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00a3)
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
Extensions Length: 97
Extension: supported_groups (len=22)
Type: supported_groups (10)
Length: 22
Supported Groups List Length: 20
Supported Groups (10 groups)
Supported Group: secp256r1 (0x0017)
Supported Group: secp384r1 (0x0018)
Supported Group: secp521r1 (0x0019)
Supported Group: sect283k1 (0x0009)
Supported Group: sect283r1 (0x000a)
Supported Group: sect409k1 (0x000b)
Supported Group: sect409r1 (0x000c)
Supported Group: sect571k1 (0x000d)
Supported Group: sect571r1 (0x000e)
Supported Group: secp256k1 (0x0016)
Extension: ec_point_formats (len=2)
Type: ec_point_formats (11)
Length: 2
EC point formats Length: 1
Elliptic curves point formats (1)
EC point format: uncompressed (0)
Extension: signature_algorithms (len=22)
Type: signature_algorithms (13)
Length: 22
Signature Hash Algorithms Length: 20
Signature Hash Algorithms (10 algorithms)
Signature Algorithm: ecdsa_secp521r1_sha512 (0x0603)
Signature Hash Algorithm Hash: SHA512 (6)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Algorithm: rsa_pkcs1_sha512 (0x0601)
Signature Hash Algorithm Hash: SHA512 (6)
Signature Hash Algorithm Signature: RSA (1)
Signature Algorithm: ecdsa_secp384r1_sha384 (0x0503)
Signature Hash Algorithm Hash: SHA384 (5)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Algorithm: rsa_pkcs1_sha384 (0x0501)
Signature Hash Algorithm Hash: SHA384 (5)
Signature Hash Algorithm Signature: RSA (1)
Signature Algorithm: ecdsa_secp256r1_sha256 (0x0403)
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Algorithm: rsa_pkcs1_sha256 (0x0401)
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: RSA (1)
Signature Algorithm: SHA256 DSA (0x0402)
Signature Hash Algorithm Hash: SHA256 (4)
Signature Hash Algorithm Signature: DSA (2)
Signature Algorithm: ecdsa_sha1 (0x0203)
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: ECDSA (3)
Signature Algorithm: rsa_pkcs1_sha1 (0x0201)
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: RSA (1)
Signature Algorithm: SHA1 DSA (0x0202)
Signature Hash Algorithm Hash: SHA1 (2)
Signature Hash Algorithm Signature: DSA (2)
Extension: extended_master_secret (len=0)
Type: extended_master_secret (23)
Length: 0
Extension: server_name (len=31)
Type: server_name (0)
Length: 31
Server Name Indication extension
Server Name list length: 29
Server Name Type: host_name (0)
Server Name length: 26
Server Name: ххххххххххххх


Ответ сервера:

Transport Layer Security
TLSv1 Record Layer: Handshake Protocol: Multiple Handshake Messages
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 2008
Handshake Protocol: Server Hello
Handshake Type: Server Hello (2)
Length: 77
Version: TLS 1.0 (0x0301)
Random: 5d2da00420c6a966777ace5d63f8a63c3ef3b25e26010e2e…
GMT Unix Time: Jul 16, 2019 12:59:32.000000000 RTZ 2 (зима)
Random Bytes: 20c6a966777ace5d63f8a63c3ef3b25e26010e2e8584d15c…
Session ID Length: 32
Session ID: af0a9ff88a4ed00e92ad773db0c6d0923f2962f81751158e…
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)
Compression Method: null (0)
Extensions Length: 5
Extension: renegotiation_info (len=1)
Type: renegotiation_info (65281)
Length: 1
Renegotiation Info extension
Renegotiation info extension length: 0
Handshake Protocol: Certificate
Handshake Type: Certificate (11)
Length: 1919
Certificates Length: 1916
Certificates (1916 bytes)
Certificate Length: 983
Certificate: 308203d330820380a003020102020a62541c8f000a000005… (id-at-commonName=хххххххххххххххххххх,id-at-organizationalUnitName=ххххххххххххххх,id-at-organizationName=ххххххххххххххххххх signedCertificate
version: v3 (2)
serialNumber: 0x62541c8f000a00000567
signature (iso.2.643.7.1.1.3.2)
Algorithm Id: 1.2.643.7.1.1.3.2 (iso.2.643.7.1.1.3.2)
issuer: rdnSequence (0)
rdnSequence: 1 item (id-at-commonName=SOME-CA)
RDNSequence item: 1 item (id-at-commonName=SOME-CA)
RelativeDistinguishedName item (id-at-commonName=SOME-CA)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: uTF8String (4)
uTF8String: SOME-CA
validity
notBefore: utcTime (0)
utcTime: 19-03-19 12:14:08 (UTC)
notAfter: utcTime (0)
utcTime: 20-06-19 12:24:08 (UTC)
subject: rdnSequence (0)
rdnSequence: 5 items (id-at-commonName=хххххххххххххххххх,id-at-organizationalUnitName=хххххххххххххххххх,id-at-organizationName=ххххххххххххххххххххх,id-at-localityName=ххххххххххх RDNSequence item: 1 item (id-at-countryName=RU)
RelativeDistinguishedName item (id-at-countryName=RU)
Id: 2.5.4.6 (id-at-countryName)
CountryName: RU
RDNSequence item: 1 item (id-at-localityName=ххххххххххххххххххххххх)
RelativeDistinguishedName item (id-at-localityName=хххххххххххххххххххххххххххх)
Id: 2.5.4.7 (id-at-localityName)
DirectoryString: uTF8String (4)
uTF8String: ххххххххххххххххххххххххххххх
RDNSequence item: 1 item (id-at-organizationName=ххххххххххххххххххххххххххх)
RelativeDistinguishedName item (id-at-organizationName=ххххххххххххххххххххххххххххххххххххххххххххххххх)
Id: 2.5.4.10 (id-at-organizationName)
DirectoryString: uTF8String (4)
uTF8String: хххххххххххххххххххххххххххххххххххххххххх
RDNSequence item: 1 item (id-at-organizationalUnitName=хххххххххххххххххххххххххххх)
RelativeDistinguishedName item (id-at-organizationalUnitName=хххххххххххххххххххххххххххх)
Id: 2.5.4.11 (id-at-organizationalUnitName)
DirectoryString: uTF8String (4)
uTF8String: ххххххххххххххххххххххххххххх
RDNSequence item: 1 item (id-at-commonName=ххххххххххххххххххххххххххххххххххххххх)
RelativeDistinguishedName item (id-at-commonName=хххххххххххххххххххххххххххххххххх SOME-RA)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: uTF8String (4)
uTF8String: ххххххххххххххххххххххххххххххххххххххх SOME-RA
subjectPublicKeyInfo
algorithm (iso.2.643.7.1.1.1.1)
Algorithm Id: 1.2.643.7.1.1.1.1 (iso.2.643.7.1.1.1.1)
BER: Dissector for OID not implemented. Contact Wireshark developers if you want this supported
[Expert Info (Warning/Undecoded): BER: Dissector for OID not implemented. Contact Wireshark developers if you want this supported]
[BER: Dissector for OID not implemented. Contact Wireshark developers if you want this supported]
[Severity level: Warning]
[Group: Undecoded]
Padding: 0
subjectPublicKey: 0440c3864beb4053013ab151694b5f1e497ab71e39c8d6a3…
extensions: 10 items
Extension (id-ce-keyUsage)
Extension Id: 2.5.29.15 (id-ce-keyUsage)
critical: True
Padding: 4
KeyUsage: 30 (keyEncipherment, dataEncipherment)
0... .... = digitalSignature: False
.0.. .... = contentCommitment: False
..1. .... = keyEncipherment: True
...1 .... = dataEncipherment: True
.... 0... = keyAgreement: False
.... .0.. = keyCertSign: False
.... ..0. = cRLSign: False
.... ...0 = encipherOnly: False
0... .... = decipherOnly: False
Extension (id-ce-subjectKeyIdentifier)
Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
SubjectKeyIdentifier: c99c74e81238a5401f99ba70697cdae87c8e4e72
Extension (id-ms-certificate-template)
Extension Id: 1.3.6.1.4.1.311.21.7 (id-ms-certificate-template)
CertificateTemplate
templateID: 1.2.643.2.2.46.0.4 (iso.2.643.2.2.46.0.4)
templateMajorVersion: 1
templateMinorVersion: 0
Extension (id-ce-authorityKeyIdentifier)
Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier)
AuthorityKeyIdentifier
keyIdentifier: 6ccd711bea8d14b7365259d0299fc4dd5ac5c47b
authorityCertIssuer: 1 item
GeneralName: directoryName (4)
directoryName: rdnSequence (0)
rdnSequence: 1 item (id-at-commonName=ROOT-CA)
RDNSequence item: 1 item (id-at-commonName=ROOT-CA)
RelativeDistinguishedName item (id-at-commonName=ROOT-CA)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: uTF8String (4)
uTF8String: ROOT-CA
authorityCertSerialNumber: 0x1518aa42000600000422
Extension (id-ce-extKeyUsage)
Extension Id: 2.5.29.37 (id-ce-extKeyUsage)
KeyPurposeIDs: 1 item
KeyPurposeId: 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth)
Extension (id-ms-application-certificate-policies)
Extension Id: 1.3.6.1.4.1.311.21.10 (id-ms-application-certificate-policies)
CertificatePoliciesSyntax: 1 item
PolicyInformation
policyIdentifier: 1.3.6.1.5.5.7.3.1 (id-kp-serverAuth)
Extension (id-ce-subjectAltName)
Extension Id: 2.5.29.17 (id-ce-subjectAltName)
GeneralNames: 1 item
GeneralName: dNSName (2)
dNSName: xxxx.yyyyy.zz
Extension (id-ce-cRLDistributionPoints)
Extension Id: 2.5.29.31 (id-ce-cRLDistributionPoints)
CRLDistPointsSyntax: 1 item
DistributionPoint
distributionPoint: fullName (0)
fullName: 1 item
GeneralName: uniformResourceIdentifier (6)
uniformResourceIdentifier: http://xxxx.yyyyyy.zz/cd...59d0299fc4dd5ac5c47b.crl
Extension (id-pe-authorityInfoAccess)
Extension Id: 1.3.6.1.5.5.7.1.1 (id-pe-authorityInfoAccess)
AuthorityInfoAccessSyntax: 2 items
AccessDescription
accessMethod: 1.3.6.1.5.5.7.48.1 (id-ad-ocsp)
accessLocation: 6
uniformResourceIdentifier: http://xxxxx.yyyyy.zz/ocsp/ocsp.srf
AccessDescription
accessMethod: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
accessLocation: 6
uniformResourceIdentifier: http://xxxxx.yyyyy.zz/ai...59d0299fc4dd5ac5c47b.crt
Extension (id-ce-privateKeyUsagePeriod)
Extension Id: 2.5.29.16 (id-ce-privateKeyUsagePeriod)
PrivateKeyUsagePeriod
notBefore: 2019-03-19 12:14:07 (UTC)
notAfter: 2020-03-19 12:14:07 (UTC)
algorithmIdentifier (iso.2.643.7.1.1.3.2)
Algorithm Id: 1.2.643.7.1.1.3.2 (iso.2.643.7.1.1.3.2)
Padding: 0
encrypted: 465b20135343b026d9b4be11d0fd59e1c43a82ca5e873bd3…
Certificate Length: 927
Certificate: 3082039b30820348a003020102020a1518aa420006000004… (id-at-commonName=SOME-CA)
signedCertificate
version: v3 (2)
serialNumber: 0x1518aa42000600000422
signature (iso.2.643.7.1.1.3.2)
Algorithm Id: 1.2.643.7.1.1.3.2 (iso.2.643.7.1.1.3.2)
issuer: rdnSequence (0)
rdnSequence: 1 item (id-at-commonName=ROOT-CA)
RDNSequence item: 1 item (id-at-commonName=ROOT-CA)
RelativeDistinguishedName item (id-at-commonName=ROOT-CA)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: uTF8String (4)
uTF8String: ROOT-CA
validity
notBefore: utcTime (0)
utcTime: 19-03-19 11:15:50 (UTC)
notAfter: utcTime (0)
utcTime: 24-03-19 08:20:55 (UTC)
subject: rdnSequence (0)
rdnSequence: 1 item (id-at-commonName=SOME-CA)
RDNSequence item: 1 item (id-at-commonName=SOME-CA)
RelativeDistinguishedName item (id-at-commonName=SOME-CA)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: uTF8String (4)
uTF8String: SOME-CA
subjectPublicKeyInfo
algorithm (iso.2.643.7.1.1.1.1)
Algorithm Id: 1.2.643.7.1.1.1.1 (iso.2.643.7.1.1.1.1)
BER: Dissector for OID not implemented. Contact Wireshark developers if you want this supported
[Expert Info (Warning/Undecoded): BER: Dissector for OID not implemented. Contact Wireshark developers if you want this supported]
[BER: Dissector for OID not implemented. Contact Wireshark developers if you want this supported]
[Severity level: Warning]
[Group: Undecoded]
Padding: 0
subjectPublicKey: 044035484d9edf0dd8f7104f6e3254c6a12a2aca7ea243b2…
extensions: 9 items
Extension (id-ce-keyUsage)
Extension Id: 2.5.29.15 (id-ce-keyUsage)
critical: True
Padding: 1
KeyUsage: 86 (digitalSignature, keyCertSign, cRLSign)
1... .... = digitalSignature: True
.0.. .... = contentCommitment: False
..0. .... = keyEncipherment: False
...0 .... = dataEncipherment: False
.... 0... = keyAgreement: False
.... .1.. = keyCertSign: True
.... ..1. = cRLSign: True
.... ...0 = encipherOnly: False
0... .... = decipherOnly: False
Extension (id-ce-subjectKeyIdentifier)
Extension Id: 2.5.29.14 (id-ce-subjectKeyIdentifier)
SubjectKeyIdentifier: 6ccd711bea8d14b7365259d0299fc4dd5ac5c47b
Extension (id-ce-basicConstraints)
Extension Id: 2.5.29.19 (id-ce-basicConstraints)
critical: True
BasicConstraintsSyntax
cA: True
Extension (id-ms-ca-version)
Extension Id: 1.3.6.1.4.1.311.21.1 (id-ms-ca-version)
Integer: 655370
Extension (id-ce-authorityKeyIdentifier)
Extension Id: 2.5.29.35 (id-ce-authorityKeyIdentifier)
AuthorityKeyIdentifier
keyIdentifier: b16d026b3c3ad76a951a4b670a15aa8040de6e94
authorityCertIssuer: 1 item
GeneralName: directoryName (4)
directoryName: rdnSequence (0)
rdnSequence: 1 item (id-at-commonName=ROOT-CA)
RDNSequence item: 1 item (id-at-commonName=ROOT-CA)
RelativeDistinguishedName item (id-at-commonName=ROOT-CA)
Id: 2.5.4.3 (id-at-commonName)
DirectoryString: uTF8String (4)
uTF8String: ROOT-CA
authorityCertSerialNumber: 0x2ae1779c00060000041c
Extension (id-ms-certificate-template)
Extension Id: 1.3.6.1.4.1.311.21.7 (id-ms-certificate-template)
CertificateTemplate
templateID: 1.2.643.2.2.46.0.1 (iso.2.643.2.2.46.0.1)
templateMajorVersion: 1
templateMinorVersion: 0
Extension (id-ce-cRLDistributionPoints)
Extension Id: 2.5.29.31 (id-ce-cRLDistributionPoints)
CRLDistPointsSyntax: 2 items
DistributionPoint
distributionPoint: fullName (0)
fullName: 1 item
GeneralName: uniformResourceIdentifier (6)
uniformResourceIdentifier: http://xxxxx.yyyyy.zz/cd...4b670a15aa8040de6e94.crl
DistributionPoint
distributionPoint: fullName (0)
fullName: 1 item
GeneralName: uniformResourceIdentifier (6)
uniformResourceIdentifier: http://xxxxx.yyyyy.zz/cd...4b670a15aa8040de6e94.crl
Extension (id-pe-authorityInfoAccess)
Extension Id: 1.3.6.1.5.5.7.1.1 (id-pe-authorityInfoAccess)
AuthorityInfoAccessSyntax: 2 items
AccessDescription
accessMethod: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
accessLocation: 6
uniformResourceIdentifier: http://xxxxx.yyyyy.zz/ai...4b670a15aa8040de6e94.crt
AccessDescription
accessMethod: 1.3.6.1.5.5.7.48.2 (id-ad-caIssuers)
accessLocation: 6
uniformResourceIdentifier: http://xxxxx.yyyyy.zz/ai...4b670a15aa8040de6e94.crt
Extension (id-ce-privateKeyUsagePeriod)
Extension Id: 2.5.29.16 (id-ce-privateKeyUsagePeriod)
PrivateKeyUsagePeriod
notBefore: 2019-03-19 11:15:49 (UTC)
notAfter: 2020-03-19 11:14:14 (UTC)
algorithmIdentifier (iso.2.643.7.1.1.3.2)
Algorithm Id: 1.2.643.7.1.1.3.2 (iso.2.643.7.1.1.3.2)
Padding: 0
encrypted: 788a869e69079d02e7f3884944abef389fba990190153907…
Handshake Protocol: Server Hello Done
Handshake Type: Server Hello Done (14)
Length: 0

И далее от клиента на сервер передается уведомление об ошибке:

Transport Layer Security
TLSv1 Record Layer: Alert (Level: Fatal, Description: Unexpected Message)
Content Type: Alert (21)
Version: TLS 1.0 (0x0301)
Length: 2
Alert Message
Level: Fatal (2)
Description: Unexpected Message (10)
Offline Санчир Момолдаев  
#2 Оставлено : 30 июля 2019 г. 4:29:23(UTC)
Санчир Момолдаев

Статус: Сотрудник

Группы: Модератор, Участники
Зарегистрирован: 03.12.2018(UTC)
Сообщений: 1,038
Российская Федерация

Сказал(а) «Спасибо»: 88 раз
Поблагодарили: 223 раз в 211 постах
1. предлагаю попробовать использовать stunnel https://www.cryptopro.ru/products/other/stunnel он организует гост tls трафик, а уже внутри него пропустить http запросы SoapUI
2. загружать KeyStore из доступных ключевых носителей указанных в п. 4.2. Типы ключевых носителей ЖТЯИ.00091-02 94 01-02. Описание реализации JCP
3. JAVA_PATH/bin/keytool ... JAVA_PATH/lib/security/cacerts

Отредактировано пользователем 30 июля 2019 г. 4:34:14(UTC)  | Причина: Не указана

Техническую поддержку оказываем тут
Наша база знаний
RSS Лента  Atom Лента
Пользователи, просматривающие эту тему
Быстрый переход  
Вы не можете создавать новые темы в этом форуме.
Вы не можете отвечать в этом форуме.
Вы не можете удалять Ваши сообщения в этом форуме.
Вы не можете редактировать Ваши сообщения в этом форуме.
Вы не можете создавать опросы в этом форуме.
Вы не можете голосовать в этом форуме.