[Thr 7684] CCL[SSL]: Srv-0000000C: Client requested for new session
[Thr 7684] CCL[SSL]: Srv-0000000C: Sending own certificate [ssl3_output_cert_chain]
[Thr 7684] CCL[SSL]: Srv-0000000C: Own TLS certificate
[Thr 7684] Subject :CN=*.wdf.sap.corp, OU=TDI, O=SAP, C=DE
[Thr 7684] Issuer :CN=SAPNetCA_G2, O=SAP, L=Walldorf, C=DE
[Thr 7684] Serial number :0x01125e
[Thr 7684] [ssl3_output_cert_chain]
[Thr 7684] CCL[SSL]: Srv-0000000C: CA certificate
[Thr 7684] Subject :CN=SAPNetCA_G2, O=SAP, L=Walldorf, C=DE
[Thr 7684] Issuer :CN=SAP Global Root CA, O=SAP AG, L=Walldorf, C=DE
[Thr 7684] Serial number :0x610e063700000000000c
[Thr 7684] [ssl3_output_cert_chain]
[Thr 7684] CCL[SSL]: Srv-0000000C: Requesting for client authentication. [ssl3_send_certificate_request]
[Thr 7684] CCL[SSL]: Srv-0000000C: Offering 2 certificate type(s) for client authentication:
[Thr 7684] rsa_sign(1)
[Thr 7684] ecdsa_sign(64)
[Thr 7684] [ssl3_get_req_cert_type]
[Thr 7684] CCL[SSL]: Srv-0000000C: Offering 2 trusted CA(s) for client authentication:
[Thr 7684] CA <0>: CN=private.root.ca, OU=TechEd2017, O=SAP, C=DE
[Thr 7684] CA <1>: CN=SAP Global Root CA, O=SAP AG, L=Walldorf, C=DE
Here are the certificates received from the client and their validation, still for the SSL handshake.
[Thr 7684] CCL[SSL]: Srv-0000000C: Received client certificate chain. [ssl3_decode_client_certificate]
[Thr 7684] CCL[SSL]: Srv-0000000C: Client certificate details
[Thr 7684] Subject :CN=vmw6281.wdf.sap.corp, OU=TechEd2017, O=SAP, C=DE
[Thr 7684] Issuer :CN=private.root.ca, OU=TechEd2017, O=SAP, C=DE
[Thr 7684] Serial number :0x03
[Thr 7684] [ssl3_decode_client_certificate]
[Thr 7684] CCL[VERIFY]: Srv-0000000C: Verification result of SSL client certificate (successful)
[Thr 7684] Verification result header
[Thr 7684] Verified certificate
[Thr 7684] Subject :CN=vmw6281.wdf.sap.corp, OU=TechEd2017, O=SAP, C=DE
[Thr 7684] Issuer :CN=private.root.ca, OU=TechEd2017, O=SAP, C=DE
[Thr 7684] Serial number :0x03
[Thr 7684] -----BEGIN CERTIFICATE-----
[…]
[Thr 7684] -----END CERTIFICATE-----
[Thr 7684] Used signer certificate
[Thr 7684] Subject :CN=private.root.ca, OU=TechEd2017, O=SAP, C=DE
[Thr 7684] Issuer :CN=private.root.ca, OU=TechEd2017, O=SAP, C=DE
[Thr 7684] Serial number :0x01
[Thr 7684] -----BEGIN CERTIFICATE-----
[…]
[Thr 7684] -----END CERTIFICATE-----
[Thr 7684] Certificate verification result
[Thr 7684] Certificate
[Thr 7684] Subject :CN=vmw6281.wdf.sap.corp, OU=TechEd2017, O=SAP, C=DE
[Thr 7684] Verification result
[Thr 7684] Status :Successful
[Thr 7684] SignerStatus :Successful
[Thr 7684] SignerVerificationResult
[Thr 7684] Element #1
[Thr 7684] Status :Successful
[Thr 7684] Validity :Successful
[Thr 7684] BasicConstraints :Successful
[Thr 7684] KeyUsage :Successful
[Thr 7684] ObjectStatus :Successful
[Thr 7684] SignerCert
[Thr 7684] Certificate
[Thr 7684] Subject :CN=private.root.ca, OU=TechEd2017, O=SAP, C=DE
[Thr 7684] Verification result
[Thr 7684] Status :Successful
[Thr 7684] DirectlyTrusted :Successful
[Thr 7684] Trust in PSE:
[Thr 7684] Token URI : tokpse:D:\usr\sap\TDI\D00\sec\SAPSSLS.pse
[Thr 7684] Trusted certificate : CN=*.wdf.sap.corp, OU=TDI, O=SAP, C=DE
[Thr 7684] Trusted certificate : CN=SAP Global Root CA, O=SAP AG, L=Walldorf, C=DE
[Thr 7684] Trusted certificate : CN=private.root.ca, OU=TechEd2017, O=SAP, C=DE
[Thr 7684] Forwarded Client certificate: subject="CN=I063866", issuer="CN=localca.cc.wdf.sap.corp, OU=TechEd2017, O=SAP, C=DE"
[…]
[Thr 7684] HTTP request [3/787/1] Accept trusted forwarded certificate (received via HTTPS with trusted certificate): subject="CN=I063866", issuer="CN=localca.cc.wdf.sap.corp, OU=TechEd2017, O=SAP, C=DE"
[Thr 7988] HTTP response (raw) [3/787/1]:
[Thr 7988] HTTP/1.1 200 OK
[Thr 4324] HttpModIsReverseProxyTrustworthy: client did not sent any cert ->intermediate not trustworthy
[Thr 4324] HttpModGetDefRules: intermediary is NOT trusted -> remove SSL header fields
[Thr 4324] HTTP request [2/890/1] Reject untrusted forwarded certificate (received via HTTPS without certificate): subject="CN=I063866", issuer="CN=localca.cc.wdf.sap.corp, OU=TechEd2017, O=SAP, C=DE"
[Thr 4324] HTTP response (raw) [2/890/1]:
[Thr 4324] HTTP/1.1 401 Unauthorized
[Thr 6136] HTTP response (raw) [3/1346/1]:
[Thr 6136] HTTP/1.1 401 Unauthorized
[Thr 5036] HTTP response (raw) [1/12/1]:
[Thr 5036] HTTP/1.1 401 Unauthorized
[Thr 5036] HttpModGetDefRules: Client certificate received: with len=1061, subj="CN=vmw6281.wdf.sap.corp, OU=TechEd2017, O=SAP, C=DE", issuer="CN=private.root.ca, OU=TechEd2017, O=SAP, C=DE", cipher="TLS_RSA_WITH_AES128_GCM_SHA256"
[Thr 5036] HttpModIsReverseProxyTrustworthy: intermediate cert issuer "CN=private.root.ca, OU=TechEd2017, O=SAP, C=DE" does not match trusted issuer "CN=localca.cc.wdf.sap.corp, OU=TechEd2017, O=SAP, C=DE"
[Thr 5036] HttpModGetDefRules: intermediary is NOT trusted -> remove SSL header fields
[Thr 5036] HTTP request [1/12/1] Reject untrusted forwarded certificate (received via HTTPS with untrusted certificate): subject="CN=I063866", issuer="CN=localca.cc.wdf.sap.corp, OU=TechEd2017, O=SAP, C=DE"
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
11 | |
11 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
6 | |
6 |