CertificateAuthorityCertificate.pem is expired #217

Closed
igorigorigorigor opened this Issue Feb 10, 2016 · 9 comments

@igorigorigorigor igorigorigorigor changed the title from CertificateAuthorityCertificate is expired to CertificateAuthorityCertificate.pem is expired Feb 10, 2016
@jamesdbloom
Owner

I re-created the certificates; however, as far as I was aware, the expiry date was set for the maximum value supported.

@jamesdbloom
Owner

Hopefully this will fix it; if not, please add a comment.

@igorigorigorigor

Hi, @jamesdbloom
The certificate is still not valid. Expiration date - 20.01.16.

@jamesdbloom
Owner

What tool are you using to see this, as Java keytool shows the following output:

Alias name: mockserver-ca
Creation date: 17-Jun-2015
Entry type: trustedCertEntry

Owner: C=UK, ST=England, L=London, O=MockServer, CN=www.mockserver.com
Issuer: C=UK, ST=England, L=London, O=MockServer, CN=www.mockserver.com
Serial number: -5d993ef8
Valid from: Fri May 09 07:08:04 BST 2014 until: Fri Dec 31 23:59:59 GMT 9999
Certificate fingerprints:
     MD5:  5F:ED:47:3E:A9:64:36:38:A4:BD:AA:4C:70:38:58:04
     SHA1: 4B:6E:0A:FE:12:6A:CE:9D:CF:1A:F3:E4:7E:C1:7A:C7:9D:D2:8D:6A
     SHA256: C9:20:5C:A8:9E:0F:66:9C:F6:A6:47:67:06:9A:72:C1:55:CF:F4:30:21:5E:B0:58:31:C5:A5:0F:35:E4:23:CF
     Signature algorithm name: SHA256withRSA
     Version: 3

This clearly shows the key is valid until Fri Dec 31 23:59:59 GMT 9999.

@igorigorigorigor

@jamesdbloom I've converted the certificate using the following command:
openssl x509 -outform der -in CertificateAuthorityCertificate.pem -out CertificateAuthorityCertificate.crt
Then I've added the .crt file to Android trusted certificates. There it shows the expiration date 1/20/16.

@jamesdbloom
Owner

Unfortunately, your tool is stripping off the first two digits of the year field, which is 2116; therefore the certificate is not actually expired, as it has 1 month less than 100 years, as shown in the attached screenshot.

[Attached screenshot: screen shot 2016-02-18 at 16 36 18]
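Added example, not part of the original thread or of MockServer's code: a standard-library decoder for the DER `Time` value behind a certificate's notAfter field, showing that a two-digit-year display renders 20 January 2116 and 20 January 2016 identically while only one of them is expired. The sample byte strings are constructed (the time of day is an assumption, and the 2116 value is assumed to use GeneralizedTime, as RFC 5280 requires for dates from 2050 onward).

```python
from datetime import datetime, timezone

UTC_TIME, GENERALIZED_TIME = 0x17, 0x18  # ASN.1 tags used by X.509 Validity

def decode_x509_time(der: bytes) -> datetime:
    """Decode one DER-encoded notBefore/notAfter value into an aware datetime."""
    tag, length, body = der[0], der[1], der[2:]
    if length != len(body):
        raise ValueError("DER length does not match content")
    text = body.decode("ascii")
    if not text.endswith("Z"):
        raise ValueError("X.509 times must be UTC (trailing Z)")
    if tag == UTC_TIME and len(text) == 13:            # YYMMDDhhmmssZ
        yy = int(text[:2])
        year = 1900 + yy if yy >= 50 else 2000 + yy    # RFC 5280 pivot rule
        rest = text[2:12]
    elif tag == GENERALIZED_TIME and len(text) == 15:  # YYYYMMDDhhmmssZ
        year, rest = int(text[:4]), text[4:14]
    else:
        raise ValueError("not a valid X.509 Time encoding")
    mo, d, h, mi, s = (int(rest[i:i + 2]) for i in range(0, 10, 2))
    return datetime(year, mo, d, h, mi, s, tzinfo=timezone.utc)

def short_date(dt: datetime) -> str:
    """Render M/D/YY the way a two-digit-year UI would."""
    return f"{dt.month}/{dt.day}/{dt.year % 100:02d}"

def is_expired(not_after: datetime, now: datetime) -> bool:
    """Expiry must be decided on the full timestamp, never on the display string."""
    return now > not_after

# Constructed samples: dates from the thread, time of day assumed 00:00:00.
NOT_AFTER_2116 = b"\x18\x0f" + b"21160120000000Z"   # GeneralizedTime
NOT_AFTER_2016 = b"\x17\x0d" + b"160120000000Z"     # UTCTime
REPORTED_ON = datetime(2016, 2, 10, tzinfo=timezone.utc)  # date the issue was opened

if __name__ == "__main__":
    for der in (NOT_AFTER_2116, NOT_AFTER_2016):
        t = decode_x509_time(der)
        print(short_date(t), t.isoformat(), "expired:", is_expired(t, REPORTED_ON))
```

On a real file, `openssl x509 -noout -enddate -in CertificateAuthorityCertificate.pem` prints the notAfter value with a four-digit year.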

@jamesdbloom
Owner

I'm going to close this ticket as I believe it is now resolved; re-open if you feel there is still an issue.

@igorigorigorigor

@jamesdbloom Ok. Thanks for the explanation.

@NobleWong

Hi James,

I think the new certificate is broken. However, my tests are working with the previous version at https://raw.githubusercontent.com/jamesdbloom/mockserver/e6d0f8ad302cb6e066a4e0881ea4d1e2ef3484e7/mockserver-core/src/main/resources/org/mockserver/socket/CertificateAuthorityCertificate.pem

Noble

    at org.gradle.api.internal.tasks.testing.junit.JUnitTestClassExecuter.runTestClass(JUnitTestClassExecuter.java:86)
    at org.gradle.api.internal.tasks.testing.junit.JUnitTestClassExecuter.execute(JUnitTestClassExecuter.java:49)
    at org.gradle.api.internal.tasks.testing.junit.JUnitTestClassProcessor.processTestClass(JUnitTestClassProcessor.java:64)
    at org.gradle.api.internal.tasks.testing.SuiteTestClassProcessor.processTestClass(SuiteTestClassProcessor.java:50)
    at sun.reflect.GeneratedMethodAccessor40.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.gradle.messaging.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:35)
    at org.gradle.messaging.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:24)
    at org.gradle.messaging.dispatch.ContextClassLoaderDispatch.dispatch(ContextClassLoaderDispatch.java:32)
    at org.gradle.messaging.dispatch.ProxyDispatchAdapter$DispatchingInvocationHandler.invoke(ProxyDispatchAdapter.java:93)
    at com.sun.proxy.$Proxy2.processTestClass(Unknown Source)
    at org.gradle.api.internal.tasks.testing.worker.TestWorker.processTestClass(TestWorker.java:106)
    at sun.reflect.GeneratedMethodAccessor39.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.gradle.messaging.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:35)
    at org.gradle.messaging.dispatch.ReflectionDispatch.dispatch(ReflectionDispatch.java:24)
    at org.gradle.messaging.remote.internal.hub.MessageHub$Handler.run(MessageHub.java:360)
    at org.gradle.internal.concurrent.DefaultExecutorFactory$StoppableExecutorImpl$1.run(DefaultExecutorFactory.java:64)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1937)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1478)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:212)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:914)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1050)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:290)
    at org.apache.http.impl.conn.HttpClientConnectionOperator.upgrade(HttpClientConnectionOperator.java:175)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.upgrade(PoolingHttpClientConnectionManager.java:334)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:398)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)
    at com.demandware.wa.core.HttpClientRequestor.getURL(HttpClientRequestor.java:137)
    ... 48 more
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:352)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:260)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:105)
    at org.apache.http.conn.ssl.SSLContextBuilder$TrustManagerDelegate.checkServerTrusted(SSLContextBuilder.java:190)
    at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSLContextImpl.java:922)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1460)
    ... 67 more
Caused by: java.security.cert.CertPathValidatorException: signature check failed
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:129)
    at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:212)
    at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:140)
    at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:79)
    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292)
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:347)
    ... 75 more
Caused by: java.security.SignatureException: Signature does not match.
    at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:424)
    at sun.security.provider.certpath.BasicChecker.verifySignature(BasicChecker.java:166)
    at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:147)
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:119)
    ... 80 more