Skip to content

Instantly share code, notes, and snippets.

@kitplummer

kitplummer/keystore list

Last active August 29, 2015 14:02
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save kitplummer/3cd2e17d2d61e2ef6017 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save kitplummer/3cd2e17d2d61e2ef6017 to your computer and use it in GitHub Desktop.
Download ZIP
OpenDJ Startup Logs
Raw
gistfile1.txt
==> errors <==
[13/Jun/2014:16:08:26 -0500] category=CORE severity=NOTICE msgID=458891 msg=The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerShutdown, alert ID 458893): The Directory Server has started the shutdown process. The shutdown was initiated by an instance of class org.opends.server.core.DirectoryServerShutdownHook and the reason provided for the shutdown was The Directory Server shutdown hook detected that the JVM is shutting down. This generally indicates that JVM received an external request to stop (e.g., through a kill signal)
[13/Jun/2014:16:08:29 -0500] category=BACKEND severity=NOTICE msgID=9896306 msg=The backend userRoot is now taken offline
[13/Jun/2014:16:08:29 -0500] category=CORE severity=NOTICE msgID=458955 msg=The Directory Server is now stopped
tail: server.out: file truncated
[13/Jun/2014:16:08:37 -0500] category=EXTENSIONS severity=NOTICE msgID=1507899 msg=Loaded extension from file '/opt/opendj/lib/extensions/snmp-mib2605.jar' (build 2.7.0-20140306, revision 10483)
[13/Jun/2014:16:08:37 -0500] category=CORE severity=NOTICE msgID=458886 msg=OpenDJ 2.7.0-20140306 (build 20140306010050Z, R10483) starting up
[13/Jun/2014:16:08:39 -0500] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381717 msg=Installation Directory: /opt/opendj
==> errors <==
[13/Jun/2014:16:08:39 -0500] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381717 msg=Installation Directory: /opt/opendj
==> server.out <==
[13/Jun/2014:16:08:39 -0500] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381719 msg=Instance Directory: /opt/opendj
==> errors <==
[13/Jun/2014:16:08:39 -0500] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381719 msg=Instance Directory: /opt/opendj
==> server.out <==
[13/Jun/2014:16:08:39 -0500] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381713 msg=JVM Information: 1.7.0_55-mockbuild_2014_04_16_12_11-b00 by Oracle Corporation, 64-bit architecture, 3717201920 bytes heap size
==> errors <==
[13/Jun/2014:16:08:39 -0500] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381713 msg=JVM Information: 1.7.0_55-mockbuild_2014_04_16_12_11-b00 by Oracle Corporation, 64-bit architecture, 3717201920 bytes heap size
==> server.out <==
[13/Jun/2014:16:08:39 -0500] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381714 msg=JVM Host: fozzie.airgap.us, running Linux 2.6.32-431.el6.x86_64 amd64, 16721997824 bytes physical memory size, number of processors available 8
==> errors <==
[13/Jun/2014:16:08:39 -0500] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381714 msg=JVM Host: fozzie.airgap.us, running Linux 2.6.32-431.el6.x86_64 amd64, 16721997824 bytes physical memory size, number of processors available 8
==> server.out <==
[13/Jun/2014:16:08:39 -0500] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381715 msg=JVM Arguments: "-Djavax.net.debug=all", "-Dorg.opends.server.scriptName=start-ds"
==> errors <==
[13/Jun/2014:16:08:39 -0500] category=RUNTIME_INFORMATION severity=NOTICE msgID=20381715 msg=JVM Arguments: "-Djavax.net.debug=all", "-Dorg.opends.server.scriptName=start-ds"
==> server.out <==
[13/Jun/2014:16:08:40 -0500] category=JEB severity=NOTICE msgID=8847402 msg=The database backend userRoot containing 0 entries has started
==> errors <==
[13/Jun/2014:16:08:40 -0500] category=JEB severity=NOTICE msgID=8847402 msg=The database backend userRoot containing 0 entries has started
==> server.out <==
[13/Jun/2014:16:08:41 -0500] category=EXTENSIONS severity=NOTICE msgID=1507549 msg=DIGEST-MD5 SASL mechanism using a server fully qualified domain name of: fozzie.airgap.us
==> errors <==
[13/Jun/2014:16:08:41 -0500] category=EXTENSIONS severity=NOTICE msgID=1507549 msg=DIGEST-MD5 SASL mechanism using a server fully qualified domain name of: fozzie.airgap.us
==> server.out <==
***
found key for : admin-cert
chain [0] = [
[
Version: V3
Subject: CN=fozzie.airgap.us, O=Administration Connector Self-Signed Certificate
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 90413997681536732701759348143201138832927774483696401130987588850194255416344059157505594561209732561144974087103886166039717537665756345056307707509072036574194655195602683247830394350132033302939560630185311467838457169826696933823436239453055345853985180996720650585156613209942356523168363687489005068853
public exponent: 65537
Validity: [From: Thu Jun 12 18:43:47 GMT-05:00 2014,
To: Wed Jun 07 18:43:47 GMT-05:00 2034]
Issuer: CN=fozzie.airgap.us, O=Administration Connector Self-Signed Certificate
SerialNumber: [ 21622267]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 71 40 CC 16 5D AD 22 66 FE D1 C1 8A 81 7D 6C 62 q@..]."f......lb
0010: 35 3D 16 98 14 0E 78 80 2D B2 DB 8F 6F 78 40 17 5=....x.-...ox@.
...
0070: 3F 1B 5E 8E 37 41 13 A0 17 99 1F 4D 65 BE 0B B1 ?.^.7A.....Me...
]
***
adding as trusted cert:
Subject: CN=fozzie.ag.us, O=Administration Connector Self-Signed Certificate
Issuer: CN=fozzie.ag.us, O=Administration Connector Self-Signed Certificate
Algorithm: RSA; Serial number: 0x21622267
Valid from Thu Jun 12 18:43:47 GMT-05:00 2014 until Wed Jun 07 18:43:47 GMT-05:00 2034
trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.
adding as trusted cert:
Subject: CN=*.ag.us, O=**** LLC, L=****, ST=****, C=US
Issuer: CN=DigiCert Secure Server CA, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x83a4bc8d9dec27ef6335e70a22e57a6
Valid from Sun Dec 29 19:00:00 GMT-05:00 2013 until Wed Jan 07 07:00:00 GMT-05:00 2015
adding as trusted cert:
Subject: CN=DigiCert Secure Server CA, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x69e1db77fcf1dfba97af5e5c9a24037
Valid from Fri Mar 08 07:00:00 GMT-05:00 2013 until Wed Mar 08 07:00:00 GMT-05:00 2023
trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.
adding as trusted cert:
Subject: CN=*.ag.us, O=**** LLC, L=****, ST=****, C=US
Issuer: CN=DigiCert Secure Server CA, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x83a4bc8d9dec27ef6335e70a22e57a6
Valid from Sun Dec 29 19:00:00 GMT-05:00 2013 until Wed Jan 07 07:00:00 GMT-05:00 2015
adding as trusted cert:
Subject: CN=DigiCert Secure Server CA, O=DigiCert Inc, C=US
Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Algorithm: RSA; Serial number: 0x69e1db77fcf1dfba97af5e5c9a24037
Valid from Fri Mar 08 07:00:00 GMT-05:00 2013 until Wed Mar 08 07:00:00 GMT-05:00 2023
trigger seeding of SecureRandom
done seeding SecureRandom
Using SSLEngineImpl.
[13/Jun/2014:16:08:41 -0500] category=PROTOCOL severity=NOTICE msgID=2556180 msg=Started listening for new connections on Administration Connector 0.0.0.0 port 4444
==> errors <==
[13/Jun/2014:16:08:41 -0500] category=PROTOCOL severity=NOTICE msgID=2556180 msg=Started listening for new connections on Administration Connector 0.0.0.0 port 4444
==> server.out <==
[13/Jun/2014:16:08:41 -0500] category=PROTOCOL severity=NOTICE msgID=2556180 msg=Started listening for new connections on LDAP Connection Handler 0.0.0.0 port 1389
==> errors <==
[13/Jun/2014:16:08:41 -0500] category=PROTOCOL severity=NOTICE msgID=2556180 msg=Started listening for new connections on LDAP Connection Handler 0.0.0.0 port 1389
==> server.out <==
[13/Jun/2014:16:08:41 -0500] category=PROTOCOL severity=NOTICE msgID=2556180 msg=Started listening for new connections on LDAPS Connection Handler 0.0.0.0 port 1636
==> errors <==
[13/Jun/2014:16:08:41 -0500] category=PROTOCOL severity=NOTICE msgID=2556180 msg=Started listening for new connections on LDAPS Connection Handler 0.0.0.0 port 1636
==> server.out <==
[13/Jun/2014:16:08:41 -0500] category=CORE severity=NOTICE msgID=458887 msg=The Directory Server has started successfully
==> errors <==
[13/Jun/2014:16:08:41 -0500] category=CORE severity=NOTICE msgID=458887 msg=The Directory Server has started successfully
==> server.out <==
[13/Jun/2014:16:08:41 -0500] category=CORE severity=NOTICE msgID=458891 msg=The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerStarted, alert ID 458887): The Directory Server has started successfully
==> errors <==
[13/Jun/2014:16:08:41 -0500] category=CORE severity=NOTICE msgID=458891 msg=The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerStarted, alert ID 458887): The Directory Server has started successfully
==> server.out <==
Using SSLEngineImpl.
==> access <==
[13/Jun/2014:16:09:04 -0500] CONNECT conn=0 from=127.0.0.1:55191 to=127.0.0.1:1636 protocol=LDAPS
==> server.out <==
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for SSLv2Hello
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for SSLv3
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for SSLv3
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
[Raw read]: length = 5
0000: 16 03 01 00 A3 .....
[Raw read]: length = 163
0000: 01 00 00 9F 03 01 53 9B 68 71 F5 A2 61 9D FE A4 ......S.hq..a...
0010: 88 1F 16 46 65 DE AE 16 9A 5C 93 57 DF 22 C6 D0 ...Fe....\.W."..
...
0080: 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00 11 00 ................
0090: 02 00 12 00 04 00 05 00 14 00 08 00 16 00 0B 00 ................
00A0: 02 01 00 ...
LDAP Request Handler 0 for connection handler LDAPS Connection Handler 0.0.0.0 port 1636, READ: TLSv1 Handshake, length = 163
*** ClientHello, TLSv1
RandomCookie: GMT: 1385916529 bytes = { 245, 162, 97, 157, 254, 164, 136, 31, 22, 70, 101, 222, 174, 22, 154, 92, 147, 87, 223, 34, 198, 208, 236, 93, 50, 151, 114, 24 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
***
[read] MD5 and SHA1 hashes: len = 163
0000: 01 00 00 9F 03 01 53 9B 68 71 F5 A2 61 9D FE A4 ......S.hq..a...
0010: 88 1F 16 46 65 DE AE 16 9A 5C 93 57 DF 22 C6 D0 ...Fe....\.W."..
0020: EC 5D 32 97 72 18 00 00 38 C0 0A C0 14 00 35 C0 .]2.r...8.....5.
...
0090: 02 00 12 00 04 00 05 00 14 00 08 00 16 00 0B 00 ................
00A0: 02 01 00 ...
%% Initialized: [Session-1, SSL_NULL_WITH_NULL_NULL]
LDAP Request Handler 0 for connection handler LDAPS Connection Handler 0.0.0.0 port 1636, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
%% Invalidated: [Session-1, SSL_NULL_WITH_NULL_NULL]
LDAP Request Handler 0 for connection handler LDAPS Connection Handler 0.0.0.0 port 1636, SEND TLSv1 ALERT: fatal, description = handshake_failure
LDAP Request Handler 0 for connection handler LDAPS Connection Handler 0.0.0.0 port 1636, WRITE: TLSv1 Alert, length = 2
LDAP Request Handler 0 for connection handler LDAPS Connection Handler 0.0.0.0 port 1636, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
==> access <==
[13/Jun/2014:16:09:05 -0500] DISCONNECT conn=0 reason="I/O Error" msg="An IO error occurred while reading a request from the client: javax.net.ssl.SSLHandshakeException: no cipher suites in common"
==> server.out <==
LDAP Connection Finalizer for connection handler LDAPS Connection Handler 0.0.0.0 port 1636 0, called closeOutbound()
LDAP Connection Finalizer for connection handler LDAPS Connection Handler 0.0.0.0 port 1636 0, closeOutboundInternal()
LDAP Connection Finalizer for connection handler LDAPS Connection Handler 0.0.0.0 port 1636 0, called closeInbound()
LDAP Connection Finalizer for connection handler LDAPS Connection Handler 0.0.0.0 port 1636 0, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
Raw
keystore list
[root@fozzie config]# keytool -list -keystore keystore -storepass `cat keystore.pin`
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 3 entries
ca-key, Jun 13, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): F9:AE:40:CC:BB:DA:47:95:E5:8A:C5:D2:03:BF:B7:BD:33:1B:81:E8
ca-cert, Jun 13, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): F9:AE:40:CC:BB:DA:47:95:E5:8A:C5:D2:03:BF:B7:BD:33:1B:81:E8
server-cert, Jun 13, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): 3A:64:67:69:0F:5A:15:48:9E:DB:19:A1:98:79:11:16:C6:60:74:36
Raw
truststore list
[root@fozzie config]# keytool -list -keystore truststore -storepass `cat keystore.pin`
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
ca-cert, Jun 13, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): F9:AE:40:CC:BB:DA:47:95:E5:8A:C5:D2:03:BF:B7:BD:33:1B:81:E8
server-cert, Jun 13, 2014, trustedCertEntry,
Certificate fingerprint (SHA1): 3A:64:67:69:0F:5A:15:48:9E:DB:19:A1:98:79:11:16:C6:60:74:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment