Need help with Riak-KV (2.1.4) certificate based authentication using Java client

Nguyen, Kyle kyle.nguyen at philips.com
Wed Aug 31 18:11:09 EDT 2016


Hi Luke,

I am getting the following information:

osboxes at osboxes:/etc/riak$ openssl s_client -debug -connect 10.0.2.15:8088
CONNECTED(00000003)
write to 0x24244c0 [0x2424a60] (295 bytes => 295 (0x127))
0000 - 16 03 01 01 22 01 00 01-1e 03 03 d8 cb 68 b8 45   ...."........h.E
0010 - 9a c3 54 21 86 7e 1a f5-de 11 08 41 74 6c d2 0e   ..T!.~.....Atl..
0020 - 00 47 29 ec ba 05 40 f4-99 cd 0a 00 00 88 c0 30   .G)... at ........0
0030 - c0 2c c0 28 c0 24 c0 14-c0 0a 00 a3 00 9f 00 6b   .,.(.$.........k
0040 - 00 6a 00 39 00 38 00 88-00 87 c0 32 c0 2e c0 2a   .j.9.8.....2...*
0050 - c0 26 c0 0f c0 05 00 9d-00 3d 00 35 00 84 c0 12   .&.......=.5....
0060 - c0 08 00 16 00 13 c0 0d-c0 03 00 0a c0 2f c0 2b   ............./.+
0070 - c0 27 c0 23 c0 13 c0 09-00 a2 00 9e 00 67 00 40   .'.#.........g.@
0080 - 00 33 00 32 00 9a 00 99-00 45 00 44 c0 31 c0 2d   .3.2.....E.D.1.-
0090 - c0 29 c0 25 c0 0e c0 04-00 9c 00 3c 00 2f 00 96   .).%.......<./..
00a0 - 00 41 c0 11 c0 07 c0 0c-c0 02 00 05 00 04 00 15   .A..............
00b0 - 00 12 00 09 00 ff 01 00-00 6d 00 0b 00 04 03 00   .........m......
00c0 - 01 02 00 0a 00 34 00 32-00 0e 00 0d 00 19 00 0b   .....4.2........
00d0 - 00 0c 00 18 00 09 00 0a-00 16 00 17 00 08 00 06   ................
00e0 - 00 07 00 14 00 15 00 04-00 05 00 12 00 13 00 01   ................
00f0 - 00 02 00 03 00 0f 00 10-00 11 00 23 00 00 00 0d   ...........#....
0100 - 00 20 00 1e 06 01 06 02-06 03 05 01 05 02 05 03   . ..............
0110 - 04 01 04 02 04 03 03 01-03 02 03 03 02 01 02 02   ................
0120 - 02 03 00 0f 00 01 01                              .......
read from 0x24244c0 [0x2429fc0] (7 bytes => 7 (0x7))
0000 - 16 03 03 00 4a 02                                 ....J.
0007 - <SPACES/NULS>
read from 0x24244c0 [0x2429fca] (72 bytes => 72 (0x48))
0000 - 00 46 03 03 57 c7 55 ad-6b 0b b8 4a 67 80 b8 f1   .F..W.U.k..Jg...
0010 - 82 1d 62 43 b0 b3 91 7b-b1 4b 51 8d 89 e2 a2 5d   ..bC...{.KQ....]
0020 - dc 47 81 8e 20 d5 56 e6-a1 91 0d 37 55 58 b3 fd   .G.. .V....7UX..
0030 - a7 a6 9a 16 e6 59 07 33-6f 84 b0 02 dd 6a b2 bd   .....Y.3o....j..
0040 - 47 ca d2 da 3a 00 3c                              G...:.<
0048 - <SPACES/NULS>
read from 0x24244c0 [0x2429fc3] (5 bytes => 5 (0x5))
0000 - 16 03 03 07 18                                    .....
read from 0x24244c0 [0x2429fc8] (1816 bytes => 1816 (0x718))
0000 - 0b 00 07 14 00 07 11 00-03 20 30 82 03 1c 30 82   ......... 0...0.
0010 - 02 04 a0 03 02 01 02 02-02 13 77 30 0d 06 09 2a   ..........w0...*
0020 - 86 48 86 f7 0d 01 01 0b-05 00 30 5a 31 0b 30 09   .H........0Z1.0.
0030 - 06 03 55 04 06 13 02 55-53 31 13 30 11 06 03 55   ..U....US1.0...U
0040 - 04 08 13 0a 57 61 73 68-69 6e 67 74 6f 6e 31 10   ....Washington1.
0050 - 30 0e 06 03 55 04 07 13-07 53 65 61 74 74 6c 65   0...U....Seattle
0060 - 31 24 30 22 06 03 55 04-0a 13 1b 67 65 74 61 43   1$0"..U....getaC
0070 - 65 72 74 20 2d 20 77 77-77 2e 67 65 74 61 63 65   ert - www.getace
0080 - 72 74 2e 63 6f 6d 30 1e-17 0d 31 36 30 38 32 32   rt.com0...160822
0090 - 32 32 34 32 34 30 5a 17-0d 31 36 31 30 32 31 32   224240Z..1610212
00a0 - 32 34 32 34 30 5a 30 19-31 17 30 15 06 03 55 04   24240Z0.1.0...U.
00b0 - 03 0c 0e 72 69 61 6b 40-31 32 37 2e 30 2e 30 2e   ...riak at 127.0.0.
00c0 - 31 30 82 01 22 30 0d 06-09 2a 86 48 86 f7 0d 01   10.."0...*.H....
00d0 - 01 01 05 00 03 82 01 0f-00 30 82 01 0a 02 82 01   .........0......
00e0 - 01 00 89 61 17 00 0d 7d-de 42 bf f6 35 71 ef bf   ...a...}.B..5q..
00f0 - ef de 0a d7 6b 3a 30 69-80 f8 a1 47 3b f1 29 3a   ....k:0i...G;.):
0100 - 09 f0 1c f2 46 91 97 2a-c8 ca f6 64 fb 2c fc c6   ....F..*...d.,..
0110 - 69 d9 5a 12 ff 51 59 44-b5 89 17 45 38 c9 dd cf   i.Z..QYD...E8...
0120 - 11 08 21 77 df 64 d6 e4-2e 0b 54 97 dd 87 e9 74   ..!w.d....T....t
0130 - c9 73 9f 07 87 6c 9b 37-c9 f5 2e bb 3c c4 fa a7   .s...l.7....<...
0140 - 01 88 a2 3f f8 92 18 5b-1e e2 ca 8e e0 b0 a3 c8   ...?...[........
0150 - 8f 8d 90 6c da 6d 5a 83-1c 07 5c 50 40 67 1f 4d   ...l.mZ...\P at g.M
0160 - 38 18 1d 08 a9 bf 34 32-b7 aa cc 7a d0 26 80 21   8.....42...z.&.!
0170 - ee 25 f0 f4 55 c9 5e 96-29 83 32 b7 d9 b7 f8 7e   .%..U.^.).2....~
0180 - 6f 11 7c f8 eb dd 3b 05-b9 2e f2 0b 29 1a f5 23   o.|...;.....)..#
0190 - 2f 9d 71 a5 77 9e bf ca-2c 34 b1 6b 10 03 b1 1d   /.q.w...,4.k....
01a0 - 16 23 12 3c e5 65 5a ab-a3 1c 1d 05 fb f4 d0 b0   .#.<.eZ.........
01b0 - a1 f8 0f ec 71 a5 a9 27-96 e2 04 81 50 f4 5d 51   ....q..'....P.]Q
01c0 - 55 32 2e 10 87 ec 8d 2c-9f 5c ef de f9 96 29 25   U2.....,.\....)%
01d0 - 24 ab 7f 01 56 bf 67 92-ac 34 0f 95 ea 50 15 aa   $...V.g..4...P..
01e0 - 72 0d 02 03 01 00 01 a3-2d 30 2b 30 09 06 03 55   r.......-0+0...U
01f0 - 1d 13 04 02 30 00 30 11-06 09 60 86 48 01 86 f8   ....0.0...`.H...
0200 - 42 01 01 04 04 03 02 04-f0 30 0b 06 03 55 1d 0f   B........0...U..
0210 - 04 04 03 02 05 20 30 0d-06 09 2a 86 48 86 f7 0d   ..... 0...*.H...
0220 - 01 01 0b 05 00 03 82 01-01 00 68 7a 98 cb c4 dd   ..........hz....
0230 - 08 b3 c0 d4 06 c8 be 5f-e3 29 de 80 b6 91 ee 11   ......._.)......
0240 - 3e 4d dd 8f 68 4b ad cb-fd ad 23 6c b8 68 29 0a   >M..hK....#l.h).
0250 - 57 e4 7f 4d 36 43 90 5a-59 f8 cb f7 65 9c 9f cc   W..M6C.ZY...e...
0260 - 40 ab 11 d7 86 99 23 2a-45 b6 0c 0f fb 87 4e 23   @.....#*E.....N#
0270 - 19 18 18 ea 72 bb 15 a6-9e 54 06 d7 6b 21 64 64   ....r....T..k!dd
0280 - 27 89 0c 87 25 54 63 f8-29 ea b6 13 a2 6a 89 59   '...%Tc.)....j.Y
0290 - ca f4 df 0d 24 23 d8 41-25 46 29 27 b4 e8 db 57   ....$#.A%F)'...W
02a0 - 99 18 bd 16 ab 3f 1d 68-54 43 41 aa 07 c0 f2 45   .....?.hTCA....E
02b0 - 7b 6a 80 69 ca 3e 94 9a-8c 73 ff 21 c0 0b 95 30   {j.i.>...s.!...0
02c0 - 9d 7e 4e 7d f8 7d 65 3a-b5 46 0f 48 1a 2c bf 36   .~N}.}e:.F.H.,.6
02d0 - 73 31 1f 74 8d f5 4a ec-01 85 19 8f f9 72 ef 87   s1.t..J......r..
02e0 - 6c 3c 19 94 00 87 4e 9f-57 0c 9a d1 db 1b 4b 03   l<....N.W.....K.
02f0 - cc 42 d5 9b 54 50 b0 46-d0 22 10 52 9b 79 7e 2c   .B..TP.F.".R.y~,
0300 - 63 74 8e 20 e2 73 91 02-e3 9d de f5 53 77 eb d1   ct. .s......Sw..
0310 - 0e 29 58 72 91 62 51 f8-19 d9 39 33 27 36 35 84   .)Xr.bQ...93'65.
0320 - 49 4d 04 53 36 5c dc 19-4f 0d 00 03 eb 30 82 03   IM.S6\..O....0..
0330 - e7 30 82 02 cf a0 03 02-01 02 02 02 07 b2 30 0d   .0............0.
0340 - 06 09 2a 86 48 86 f7 0d-01 01 04 05 00 30 5a 31   ..*.H........0Z1
0350 - 0b 30 09 06 03 55 04 06-13 02 55 53 31 13 30 11   .0...U....US1.0.
0360 - 06 03 55 04 08 13 0a 57-61 73 68 69 6e 67 74 6f   ..U....Washingto
0370 - 6e 31 10 30 0e 06 03 55-04 07 13 07 53 65 61 74   n1.0...U....Seat
0380 - 74 6c 65 31 24 30 22 06-03 55 04 0a 13 1b 67 65   tle1$0"..U....ge
0390 - 74 61 43 65 72 74 20 2d-20 77 77 77 2e 67 65 74   taCert - www.get
03a0 - 61 63 65 72 74 2e 63 6f-6d 30 1e 17 0d 30 34 30   acert.com0...040
03b0 - 31 30 36 32 32 31 34 35-35 5a 17 0d 33 31 30 35   106221455Z..3105
03c0 - 30 37 32 32 31 34 35 35-5a 30 5a 31 0b 30 09 06   07221455Z0Z1.0..
03d0 - 03 55 04 06 13 02 55 53-31 13 30 11 06 03 55 04   .U....US1.0...U.
03e0 - 08 13 0a 57 61 73 68 69-6e 67 74 6f 6e 31 10 30   ...Washington1.0
03f0 - 0e 06 03 55 04 07 13 07-53 65 61 74 74 6c 65 31   ...U....Seattle1
0400 - 24 30 22 06 03 55 04 0a-13 1b 67 65 74 61 43 65   $0"..U....getaCe
0410 - 72 74 20 2d 20 77 77 77-2e 67 65 74 61 63 65 72   rt - www.getacer
0420 - 74 2e 63 6f 6d 30 82 01-22 30 0d 06 09 2a 86 48   t.com0.."0...*.H
0430 - 86 f7 0d 01 01 01 05 00-03 82 01 0f 00 30 82 01   .............0..
0440 - 0a 02 82 01 01 00 a3 90-48 3c 6a 29 17 8b ef 01   ........H<j)....
0450 - f6 41 b9 a5 b7 c9 13 12-21 b5 6c 46 7a 76 c2 f6   .A......!.lFzv..
0460 - 13 0b 03 8b 3f 4d a2 7f-c5 c9 5d 97 77 84 2d 3d   ....?M....].w.-=
0470 - 55 ad dc 36 60 b2 f6 94-5a 5d 71 64 8f 57 06 45   U..6`...Z]qd.W.E
0480 - 1b cb bc 3e 9d fb b3 1a-ac 13 46 e6 b3 10 03 b6   ...>......F.....
0490 - 1a 71 8a da 28 b2 e1 4b-09 a0 24 32 3e 8f 18 bf   .q..(..K..$2>...
04a0 - 8c 99 96 e6 65 a2 7c 50-e4 92 2d 89 57 af f0 da   ....e.|P..-.W...
04b0 - 3b f7 9e d4 e3 ad e5 38-6f bc 9e 6d 3a 11 a4 da   ;......8o..m:...
04c0 - c4 c3 a5 6e ba 03 04 19-50 fc 9f 97 5f bf ed 64   ...n....P..._..d
04d0 - a3 9c 88 0a 63 07 3f 8b-72 93 30 de ac 01 5f f6   ....c.?.r.0..._.
04e0 - eb ff fa f5 80 84 98 f5-6c 81 a5 9d 9c 03 a9 49   ........l......I
04f0 - d9 04 3d 1a 22 ef 73 be-c6 10 67 43 b7 3f 4c a5   ..=.".s...gC.?L.
0500 - bc 9b 01 98 6c b3 61 22-98 ec 51 55 53 53 38 e9   ....l.a"..QUSS8.
0510 - 84 7a 2a 6b 30 aa 15 7e-20 6a de 0f f6 bd 0f 08   .z*k0..~ j......
0520 - dc be ba ce 3f 3c 3b 0f-7f fb d0 ed 1e 57 86 b9   ....?<;......W..
0530 - 70 a8 96 28 66 0e 3a d4-b2 aa 32 14 95 0a 3f e5   p..(f.:...2...?.
0540 - 17 f8 d8 cc 91 a9 02 03-01 00 01 a3 81 b6 30 81   ..............0.
0550 - b3 30 1d 06 03 55 1d 0e-04 16 04 14 cd df 18 20   .0...U.........
0560 - 8a 6d 74 4f 37 dc b2 e0-89 a2 a9 0b 95 88 cb 0b   .mtO7...........
0570 - 30 81 83 06 03 55 1d 23-04 7c 30 7a 80 14 cd df   0....U.#.|0z....
0580 - 18 20 8a 6d 74 4f 37 dc-b2 e0 89 a2 a9 0b 95 88   . .mtO7.........
0590 - cb 0b a1 5e a4 5c 30 5a-31 0b 30 09 06 03 55 04   ...^.\0Z1.0...U.
05a0 - 06 13 02 55 53 31 13 30-11 06 03 55 04 08 13 0a   ...US1.0...U....
05b0 - 57 61 73 68 69 6e 67 74-6f 6e 31 10 30 0e 06 03   Washington1.0...
05c0 - 55 04 07 13 07 53 65 61-74 74 6c 65 31 24 30 22   U....Seattle1$0"
05d0 - 06 03 55 04 0a 13 1b 67-65 74 61 43 65 72 74 20   ..U....getaCert
05e0 - 2d 20 77 77 77 2e 67 65-74 61 63 65 72 74 2e 63   - www.getacert.c
05f0 - 6f 6d 82 02 07 b2 30 0c-06 03 55 1d 13 04 05 30   om....0...U....0
0600 - 03 01 01 ff 30 0d 06 09-2a 86 48 86 f7 0d 01 01   ....0...*.H.....
0610 - 04 05 00 03 82 01 01 00-6d 92 1a 4a 3c 5f 06 52   ........m..J<_.R
0620 - 74 33 55 6f fb fa a1 8a-3b 36 dc 14 ea 8e fa 75   t3Uo....;6.....u
0630 - ab 44 fa ee 59 03 b0 22-c9 73 2b c4 ad e4 b1 fe   .D..Y..".s+.....
0640 - 38 4c e9 9b 06 ca cc 6e-bc fe 61 9e 37 aa 10 bf   8L.....n..a.7...
0650 - f2 26 72 9f 06 5e f0 4f-a3 c8 88 11 98 9a 7a 5a   .&r..^.O......zZ
0660 - 58 85 b6 c7 96 f9 d5 2f-f9 ba 09 3c 5e 5b 83 7d   X....../...<^[.}
0670 - d9 b0 79 a5 ad dc 36 1e-25 68 52 ba e6 ce 92 8a   ..y...6.%hR.....
0680 - 4b e9 80 4f 86 eb 0a 57-6e 82 bd 98 65 d2 9f ca   K..O...Wn...e...
0690 - e2 e3 77 c9 1f 5e a5 98-87 e9 d3 60 c4 1f 54 f2   ..w..^.....`..T.
06a0 - 17 ca 9a ba 23 8b 2e 3b-97 38 c0 23 7f e8 93 7c   ....#..;.8.#...|
06b0 - ad b9 d3 b2 00 00 df 53-f2 2d a7 f7 5c bd 8d a4   .......S.-..\...
06c0 - 35 57 83 f6 b3 cc 8a b1-24 4f e1 c1 f5 f6 1d a8   5W......$O......
06d0 - 85 5d 06 0c 44 aa ed 96-11 43 5e ab e0 d7 a9 9c   .]..D....C^.....
06e0 - 8a fe 64 2f 6c 6f 26 e9-73 53 2c 1c 58 6e b4 ef   ..d/lo&.sS,.Xn..
06f0 - 5d 44 1e 40 bd 36 da 32-53 31 41 29 58 96 5b 11   ]D. at .6.2S1A)X.[.
0700 - ed 92 20 38 59 f3 56 98-1e d5 bf 9d c4 45 13 d3   .. 8Y.V......E..
0710 - 88 d6 15 81 e1 44 57 26-                          .....DW&
depth=1 C = US, ST = Washington, L = Seattle, O = getaCert - www.getacert.com
verify error:num=19:self signed certificate in certificate chain
verify return:0
read from 0x24244c0 [0x2429fc3] (5 bytes => 5 (0x5))
0000 - 16 03 03 00 76                                    ....v
read from 0x24244c0 [0x2429fc8] (118 bytes => 118 (0x76))
0000 - 0d 00 00 72 01 01 00 0e-06 01 05 01 04 01 03 01   ...r............
0010 - 02 01 02 02 01 01 00 5e-00 5c 30 5a 31 0b 30 09   .......^.\0Z1.0.
0020 - 06 03 55 04 06 13 02 55-53 31 13 30 11 06 03 55   ..U....US1.0...U
0030 - 04 08 13 0a 57 61 73 68-69 6e 67 74 6f 6e 31 10   ....Washington1.
0040 - 30 0e 06 03 55 04 07 13-07 53 65 61 74 74 6c 65   0...U....Seattle
0050 - 31 24 30 22 06 03 55 04-0a 13 1b 67 65 74 61 43   1$0"..U....getaC
0060 - 65 72 74 20 2d 20 77 77-77 2e 67 65 74 61 63 65   ert - www.getace
0070 - 72 74 2e 63 6f 6d                                 rt.com
read from 0x24244c0 [0x2429fc3] (5 bytes => 5 (0x5))
0000 - 16 03 03 00 04                                    .....
read from 0x24244c0 [0x2429fc8] (4 bytes => 4 (0x4))
0000 - 0e                                                .
0004 - <SPACES/NULS>
write to 0x24244c0 [0x2433ca0] (12 bytes => 12 (0xC))
0000 - 16 03 03 00 07 0b 00 00-03                        .........
000c - <SPACES/NULS>
write to 0x24244c0 [0x2433ca0] (267 bytes => 267 (0x10B))
0000 - 16 03 03 01 06 10 00 01-02 01 00 36 13 43 03 34   ...........6.C.4
0010 - e0 fd 10 98 79 74 6c cc-5d f7 57 03 52 62 d9 18   ....ytl.].W.Rb..
0020 - 61 f1 a0 09 df 60 f0 40-e7 93 14 28 71 fc 7d 5b   a....`. at ...(q.}[
0030 - 39 cf 3e 46 96 c7 5f 8e-b7 76 ea 91 a5 31 d7 de   9.>F.._..v...1..
0040 - 4b 58 81 91 17 29 be d8-fd 49 9c 83 35 7a 36 1f   KX...)...I..5z6.
0050 - b6 24 8f f9 c1 0e 39 2e-0c 5d 3d 9d fa ee ff 50   .$....9..]=....P
0060 - 6a 83 1c 34 0e 06 d1 cb-de 87 ee 00 e2 ad 01 4f   j..4...........O
0070 - eb 10 6a 56 2f a7 2d a0-e6 f3 a8 eb c3 8a 7c 2b   ..jV/.-.......|+
0080 - ba 31 6a ca 44 12 8e 55-83 f5 d1 90 44 d9 92 7d   .1j.D..U....D..}
0090 - 9f 3a 4d df a0 76 e7 1e-a7 58 d1 b3 0b eb dc 71   .:M..v...X.....q
00a0 - e0 5d e2 9f 03 5f e0 b5-a9 ad fd ee 0c 9a 7c 50   .]..._........|P
00b0 - a1 16 ce 90 46 7c 72 3f-7f 36 ee b6 ca a5 55 67   ....F|r?.6....Ug
00c0 - 15 f0 5e e8 c5 53 35 b1-c2 31 bc 56 90 6c 5c 2e   ..^..S5..1.V.l\.
00d0 - ea ba 7e 83 9c a7 4d 50-67 a8 45 cc 02 17 f2 dc   ..~...MPg.E.....
00e0 - 18 93 23 24 2b d7 0f c1-a9 ef 81 1e fc 60 da 2d   ..#$+........`.-
00f0 - ad c2 15 b7 04 2c 08 a8-4c 04 22 ff ad 62 b4 21   .....,..L."..b.!
0100 - 19 69 36 ba 8a 5c c1 09-8c 96 44                  .i6..\....D
write to 0x24244c0 [0x2433ca0] (6 bytes => 6 (0x6))
0000 - 14 03 03 00 01 01                                 ......
write to 0x24244c0 [0x2433ca0] (85 bytes => 85 (0x55))
0000 - 16 03 03 00 50 33 88 33-12 d4 69 22 04 4a 93 95   ....P3.3..i".J..
0010 - 58 41 d2 7e 2a 06 a0 09-19 4d 56 b8 2d 7f 69 f2   XA.~*....MV.-.i.
0020 - 79 ec 37 28 12 e8 bb fc-b9 1d 3c ed 06 87 28 c4   y.7(......<...(.
0030 - d3 87 7b f0 f4 08 c5 31-16 9f 2b f9 b3 3b 97 41   ..{....1..+..;.A
0040 - fa 0c 80 23 a6 89 e3 04-55 bd 69 f3 e2 63 2e 02   ...#....U.i..c..
0050 - 2c 78 d7 1f 32                                    ,x..2
read from 0x24244c0 [0x2429fc3] (5 bytes => 5 (0x5))
0000 - 14 03 03 00 01                                    .....
read from 0x24244c0 [0x2429fc8] (1 bytes => 1 (0x1))
0000 - 01                                                .
read from 0x24244c0 [0x2429fc3] (5 bytes => 5 (0x5))
0000 - 16 03 03 00 50                                    ....P
read from 0x24244c0 [0x2429fc8] (80 bytes => 80 (0x50))
0000 - 05 e9 4a b8 8b 9c 1b 18-c8 93 df a0 f1 e5 88 16   ..J.............
0010 - df c6 2f ee 86 b9 c1 2d-c3 78 dd 7b eb 78 25 09   ../....-.x.{.x%.
0020 - 09 ac 76 72 58 1f 9b f2-53 97 3a 1a 35 d3 87 e7   ..vrX...S.:.5...
0030 - 8a 9d 07 dc 2a a2 a0 6c-55 4c da 26 15 30 ca 4d   ....*..lUL.&.0.M
0040 - c4 29 e9 8b 12 5b ea 1e-f3 a0 71 a3 4c 33 79 a6   .)...[....q.L3y.
---
Certificate chain
 0 s:/CN=riak at 127.0.0.1
   i:/C=US/ST=Washington/L=Seattle/O=getaCert - www.getacert.com
 1 s:/C=US/ST=Washington/L=Seattle/O=getaCert - www.getacert.com
   i:/C=US/ST=Washington/L=Seattle/O=getaCert - www.getacert.com
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDHDCCAgSgAwIBAgICE3cwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1NlYXR0bGUxJDAiBgNVBAoT
G2dldGFDZXJ0IC0gd3d3LmdldGFjZXJ0LmNvbTAeFw0xNjA4MjIyMjQyNDBaFw0x
NjEwMjEyMjQyNDBaMBkxFzAVBgNVBAMMDnJpYWtAMTI3LjAuMC4xMIIBIjANBgkq
hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWEXAA193kK/9jVx77/v3grXazowaYD4
oUc78Sk6CfAc8kaRlyrIyvZk+yz8xmnZWhL/UVlEtYkXRTjJ3c8RCCF332TW5C4L
VJfdh+l0yXOfB4dsmzfJ9S67PMT6pwGIoj/4khhbHuLKjuCwo8iPjZBs2m1agxwH
XFBAZx9NOBgdCKm/NDK3qsx60CaAIe4l8PRVyV6WKYMyt9m3+H5vEXz46907Bbku
8gspGvUjL51xpXeev8osNLFrEAOxHRYjEjzlZVqroxwdBfv00LCh+A/scaWpJ5bi
BIFQ9F1RVTIuEIfsjSyfXO/e+ZYpJSSrfwFWv2eSrDQPlepQFapyDQIDAQABoy0w
KzAJBgNVHRMEAjAAMBEGCWCGSAGG+EIBAQQEAwIE8DALBgNVHQ8EBAMCBSAwDQYJ
KoZIhvcNAQELBQADggEBAGh6mMvE3QizwNQGyL5f4ynegLaR7hE+Td2PaEuty/2t
I2y4aCkKV+R/TTZDkFpZ+Mv3ZZyfzECrEdeGmSMqRbYMD/uHTiMZGBjqcrsVpp5U
BtdrIWRkJ4kMhyVUY/gp6rYTomqJWcr03w0kI9hBJUYpJ7To21eZGL0Wqz8daFRD
QaoHwPJFe2qAaco+lJqMc/8hwAuVMJ1+Tn34fWU6tUYPSBosvzZzMR90jfVK7AGF
GY/5cu+HbDwZlACHTp9XDJrR2xtLA8xC1ZtUULBG0CIQUpt5fixjdI4g4nORAuOd
3vVTd+vRDilYcpFiUfgZ2TkzJzY1hElNBFM2XNwZTw0=
-----END CERTIFICATE-----
subject=/CN=riak at 127.0.0.1
issuer=/C=US/ST=Washington/L=Seattle/O=getaCert - www.getacert.com
---
Acceptable client certificate CA names
/C=US/ST=Washington/L=Seattle/O=getaCert - www.getacert.com
---
SSL handshake has read 2123 bytes and written 665 bytes
---
New, TLSv1/SSLv3, Cipher is AES128-SHA256
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES128-SHA256
    Session-ID: D556E6A1910D375558B3FDA7A69A16E65907336F84B002DD6AB2BD47CAD2DA3A
    Session-ID-ctx:
    Master-Key: A1B04B4C00A411B47CE8F0A5EDE4E72448E109D9549246E814BEC1B997DC69C2599D61A904340B5185DD4EC798D66729
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1472681389
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---


-----Original Message-----
From: Luke Bakken [mailto:lbakken at basho.com]
Sent: Tuesday, August 30, 2016 2:21 PM
To: Nguyen, Kyle
Cc: Riak Users
Subject: Re: Need help with Riak-KV (2.1.4) certificate based authentication using Java client

This command will show the handshake used for HTTPS. It will show if the server's certificate (the same one used for TLS) can be validated.

Using "openssl s_client" is a good way to start diagnosing what's actually happening when SSL/TLS is enabled in Riak.

--
Luke Bakken
Engineer
lbakken at basho.com

On Tue, Aug 30, 2016 at 2:18 PM, Nguyen, Kyle <kyle.nguyen at philips.com> wrote:
> Hi Luke,
>
> I am using TLS for protocol buffer - not sure if you're thinking of HTTP only.
>
> Thanks
>
> -Kyle-
>
> -----Original Message-----
> From: Luke Bakken [mailto:lbakken at basho.com]
> Sent: Tuesday, August 30, 2016 2:14 PM
> To: Nguyen, Kyle
> Cc: Riak Users
> Subject: Re: Need help with Riak-KV (2.1.4) certificate based
> authentication using Java client
>
> Kyle,
>
> I would be interested to see the output of this command run on the same server as your Riak node:
>
> openssl s_client -debug -connect localhost:8098
>
> Please replace "8098" with the HTTPS port used in this configuration setting in your /etc/riak.conf file:
>
> listener.https.internal

________________________________
The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message.


More information about the riak-users mailing list