[Server Side logging] ==> debug.log <== 2009.04.07 07:08:55 NIOConnection: startTLS: using c2s 2009.04.07 07:08:55 ClientTrustManager: Updating CRLs 2009.04.07 07:08:55 ClientTrustManager: adding CRL for EMAILADDRESS=group1@*******, CN=Group1_CA, OU=Group1, OU=*****, O=****, ST=Pennsylvania, C=US ==> nohup.out <== *** found key for : server.*******_1 chain [0] = [ [ Version: V3 Subject: EMAILADDRESS=group1@*******, CN=server.*******, OU=Group1, OU=*****, O=****, ST=Pennsylvania, C=US Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4 Key: Sun RSA public key, 1024 bits modulus: 127123609316888048624272933882701390408011971366149354635250840018002698696635154420359438396935683925697701441179796265646823210677404160218968299768313613193688512350077041601609073253426645972841461006019236971464092923093154013995289606009730480462749838695639099263046705413093169359766961482953898181793 public exponent: 65537 Validity: [From: Fri Oct 24 10:44:18 EDT 2008, To: Wed Apr 16 10:44:18 EDT 2014] Issuer: EMAILADDRESS=group1@*******, CN=Group1_CA, OU=Group1, OU=*****, O=****, ST=Pennsylvania, C=US SerialNumber: [ 13] Certificate Extensions: 4 [1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false Extension unknown: DER encoded OCTET string = 0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene 0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat 0020: 65 e [2]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: AA BF 09 9B EC 08 28 A7 CF EA 3C FE B4 2C 5C 9A ......(...<..,\. 0010: A3 1D E4 54 ...T ] ] [3]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 18 30 75 85 D3 32 86 19 1E 90 C4 6E CE 74 2D E0 .0u..2.....n.t-. 0010: ED E3 2B 63 ..+c ] [EMAILADDRESS=group1@*******, CN=Group1_CA, OU=Group1, OU=*****, O=****, ST=Pennsylvania, C=US] SerialNumber: [ 00] ] [4]: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:false PathLen: undefined ] ] Algorithm: [MD5withRSA] Signature: 0000: 01 AE 89 64 B5 4A 58 C1 79 DF 9E 3F C0 DC A7 52 ...d.JX.y..?...R 0010: 9E 8B 1D F6 3E 0F 6F D5 18 BA F7 9C ED 92 DD 1B ....>.o......... 0020: C6 81 79 A6 21 08 52 67 52 48 CD 66 6A FD 52 D0 ..y.!.RgRH.fj.R. 0030: 43 98 A7 F0 70 9D 5B 82 31 60 43 7A DB 18 40 08 C...p.[.1`Cz..@. ] chain [1] = [ [ Version: V3 Subject: EMAILADDRESS=group1@*******, CN=Group1_CA, OU=Group1, OU=*****, O=****, ST=Pennsylvania, C=US Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4 Key: Sun RSA public key, 512 bits modulus: 9746020342766269736585995284043932988787226658786087322088913089379265402583371715225182860422998167049908704890162543157315607295057110292141726139610861 public exponent: 65537 Validity: [From: Fri Jun 27 15:29:52 EDT 2008, To: Tue Sep 13 15:29:52 EDT 2016] Issuer: EMAILADDRESS=group1@*******, CN=Group1_CA, OU=Group1, OU=*****, O=****, ST=Pennsylvania, C=US SerialNumber: [ 00] Certificate Extensions: 3 [1]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 18 30 75 85 D3 32 86 19 1E 90 C4 6E CE 74 2D E0 .0u..2.....n.t-. 0010: ED E3 2B 63 ..+c ] ] [2]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 18 30 75 85 D3 32 86 19 1E 90 C4 6E CE 74 2D E0 .0u..2.....n.t-. 0010: ED E3 2B 63 ..+c ] [EMAILADDRESS=group1@*******, CN=Group1_CA, OU=Group1, OU=*****, O=****, ST=Pennsylvania, C=US] SerialNumber: [ 00] ] [3]: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:true PathLen:2147483647 ] ] Algorithm: [MD5withRSA] Signature: 0000: 54 FE B2 51 7A 6C 0C 1B 44 DD 94 F4 95 8F 86 A3 T..Qzl..D....... 0010: 6B 73 9A EF 5E A1 E1 64 11 6B 7A 19 BA 8C 07 41 ks..^..d.kz....A 0020: 20 2C 26 73 05 BF EF 92 2B 8B 09 B4 A3 82 95 3B ,&s....+......; 0030: 0E 74 40 F5 CE E4 39 40 B8 09 43 2D 2F F1 87 5F .t@...9@..C-/.._ ] *** *** found key for : server.*******_2 chain [0] = [ [ Version: V3 Subject: EMAILADDRESS=group1@*******, CN=server.*******, OU=Group1, OU=*****, O=****, ST=Pennsylvania, C=US Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4 Key: Sun RSA public key, 1024 bits modulus: 127123609316888048624272933882701390408011971366149354635250840018002698696635154420359438396935683925697701441179796265646823210677404160218968299768313613193688512350077041601609073253426645972841461006019236971464092923093154013995289606009730480462749838695639099263046705413093169359766961482953898181793 public exponent: 65537 Validity: [From: Fri Oct 24 10:44:18 EDT 2008, To: Wed Apr 16 10:44:18 EDT 2014] Issuer: EMAILADDRESS=group1@*******, CN=Group1_CA, OU=Group1, OU=*****, O=****, ST=Pennsylvania, C=US SerialNumber: [ 13] Certificate Extensions: 4 [1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false Extension unknown: DER encoded OCTET string = 0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene 0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat 0020: 65 e [2]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: AA BF 09 9B EC 08 28 A7 CF EA 3C FE B4 2C 5C 9A ......(...<..,\. 0010: A3 1D E4 54 ...T ] ] [3]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 18 30 75 85 D3 32 86 19 1E 90 C4 6E CE 74 2D E0 .0u..2.....n.t-. 0010: ED E3 2B 63 ..+c ] [EMAILADDRESS=group1@*******, CN=Group1_CA, OU=Group1, OU=*****, O=****, ST=Pennsylvania, C=US] SerialNumber: [ 00] ] [4]: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:false PathLen: undefined ] ] Algorithm: [MD5withRSA] Signature: 0000: 01 AE 89 64 B5 4A 58 C1 79 DF 9E 3F C0 DC A7 52 ...d.JX.y..?...R 0010: 9E 8B 1D F6 3E 0F 6F D5 18 BA F7 9C ED 92 DD 1B ....>.o......... 0020: C6 81 79 A6 21 08 52 67 52 48 CD 66 6A FD 52 D0 ..y.!.RgRH.fj.R. 0030: 43 98 A7 F0 70 9D 5B 82 31 60 43 7A DB 18 40 08 C...p.[.1`Cz..@. ] chain [1] = [ [ Version: V3 Subject: EMAILADDRESS=group1@*******, CN=Group1_CA, OU=Group1, OU=*****, O=****, ST=Pennsylvania, C=US Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4 Key: Sun RSA public key, 512 bits modulus: 9746020342766269736585995284043932988787226658786087322088913089379265402583371715225182860422998167049908704890162543157315607295057110292141726139610861 public exponent: 65537 Validity: [From: Fri Jun 27 15:29:52 EDT 2008, To: Tue Sep 13 15:29:52 EDT 2016] Issuer: EMAILADDRESS=group1@*******, CN=Group1_CA, OU=Group1, OU=*****, O=****, ST=Pennsylvania, C=US SerialNumber: [ 00] Certificate Extensions: 3 [1]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 18 30 75 85 D3 32 86 19 1E 90 C4 6E CE 74 2D E0 .0u..2.....n.t-. 0010: ED E3 2B 63 ..+c ] ] [2]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 18 30 75 85 D3 32 86 19 1E 90 C4 6E CE 74 2D E0 .0u..2.....n.t-. 0010: ED E3 2B 63 ..+c ] [EMAILADDRESS=group1@*******, CN=Group1_CA, OU=Group1, OU=*****, O=****, ST=Pennsylvania, C=US] SerialNumber: [ 00] ] [3]: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:true PathLen:2147483647 ] ] Algorithm: [MD5withRSA] Signature: 0000: 54 FE B2 51 7A 6C 0C 1B 44 DD 94 F4 95 8F 86 A3 T..Qzl..D....... 0010: 6B 73 9A EF 5E A1 E1 64 11 6B 7A 19 BA 8C 07 41 ks..^..d.kz....A 0020: 20 2C 26 73 05 BF EF 92 2B 8B 09 B4 A3 82 95 3B ,&s....+......; 0030: 0E 74 40 F5 CE E4 39 40 B8 09 43 2D 2F F1 87 5F .t@...9@..C-/.._ ] *** trigger seeding of SecureRandom done seeding SecureRandom Using SSLEngineImpl. ==> debug.log <== 2009.04.07 07:11:39 NIOConnection: startTLS: using c2s 2009.04.07 07:11:39 ClientTrustManager: Updating CRLs 2009.04.07 07:11:39 ClientTrustManager: adding CRL for EMAILADDRESS=group1@*******, CN=Group1_CA, OU=Group1, OU=*****, O=****, ST=Pennsylvania, C=US ==> nohup.out <== SocketAcceptorIoProcessor-0.0, READ: SSL v2, contentType = Handshake, translated length = 73 *** ClientHello, TLSv1 RandomCookie: GMT: 1222325228 bytes = { 243, 69, 18, 79, 67, 74, 126, 230, 17, 233, 239, 201, 59, 139, 100, 196, 224, 86, 165, 70, 36, 62, 30, 65, 2, 162, 186, 137 } Session ID: {} Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA] Compression Methods: { 0 } *** matching alias: server.*******_2 matching alias: server.*******_1 %% Created: [Session-4, SSL_RSA_WITH_RC4_128_MD5] *** ServerHello, TLSv1 RandomCookie: GMT: 1222325228 bytes = { 52, 165, 85, 103, 141, 105, 24, 53, 5, 192, 178, 50, 181, 49, 166, 67, 145, 33, 39, 231, 25, 24, 217, 219, 25, 234, 15, 177 } Session ID: {73, 219, 52, 236, 20, 243, 88, 111, 200, 35, 42, 76, 106, 124, 240, 224, 105, 78, 130, 60, 203, 88, 200, 244, 88, 248, 14, 99, 32, 126, 29, 175} Cipher Suite: SSL_RSA_WITH_RC4_128_MD5 Compression Method: 0 *** Cipher suite: SSL_RSA_WITH_RC4_128_MD5 *** Certificate chain chain [0] = [ [ Version: V3 Subject: EMAILADDRESS=group1@*******, CN=server.*******, OU=Group1, OU=*****, O=****, ST=Pennsylvania, C=US Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4 Key: Sun RSA public key, 1024 bits modulus: 127123609316888048624272933882701390408011971366149354635250840018002698696635154420359438396935683925697701441179796265646823210677404160218968299768313613193688512350077041601609073253426645972841461006019236971464092923093154013995289606009730480462749838695639099263046705413093169359766961482953898181793 public exponent: 65537 Validity: [From: Fri Oct 24 10:44:18 EDT 2008, To: Wed Apr 16 10:44:18 EDT 2014] Issuer: EMAILADDRESS=group1@*******, CN=Group1_CA, OU=Group1, OU=*****, O=****, ST=Pennsylvania, C=US SerialNumber: [ 13] Certificate Extensions: 4 [1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false Extension unknown: DER encoded OCTET string = 0000: 04 1F 16 1D 4F 70 65 6E 53 53 4C 20 47 65 6E 65 ....OpenSSL Gene 0010: 72 61 74 65 64 20 43 65 72 74 69 66 69 63 61 74 rated Certificat 0020: 65 e [2]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: AA BF 09 9B EC 08 28 A7 CF EA 3C FE B4 2C 5C 9A ......(...<..,\. 0010: A3 1D E4 54 ...T ] ] [3]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 18 30 75 85 D3 32 86 19 1E 90 C4 6E CE 74 2D E0 .0u..2.....n.t-. 0010: ED E3 2B 63 ..+c ] [EMAILADDRESS=group1@*******, CN=Group1_CA, OU=Group1, OU=*****, O=****, ST=Pennsylvania, C=US] SerialNumber: [ 00] ] [4]: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:false PathLen: undefined ] ] Algorithm: [MD5withRSA] Signature: 0000: 01 AE 89 64 B5 4A 58 C1 79 DF 9E 3F C0 DC A7 52 ...d.JX.y..?...R 0010: 9E 8B 1D F6 3E 0F 6F D5 18 BA F7 9C ED 92 DD 1B ....>.o......... 0020: C6 81 79 A6 21 08 52 67 52 48 CD 66 6A FD 52 D0 ..y.!.RgRH.fj.R. 0030: 43 98 A7 F0 70 9D 5B 82 31 60 43 7A DB 18 40 08 C...p.[.1`Cz..@. ] chain [1] = [ [ Version: V3 Subject: EMAILADDRESS=group1@*******, CN=Group1_CA, OU=Group1, OU=*****, O=****, ST=Pennsylvania, C=US Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4 Key: Sun RSA public key, 512 bits modulus: 9746020342766269736585995284043932988787226658786087322088913089379265402583371715225182860422998167049908704890162543157315607295057110292141726139610861 public exponent: 65537 Validity: [From: Fri Jun 27 15:29:52 EDT 2008, To: Tue Sep 13 15:29:52 EDT 2016] Issuer: EMAILADDRESS=group1@*******, CN=Group1_CA, OU=Group1, OU=*****, O=****, ST=Pennsylvania, C=US SerialNumber: [ 00] Certificate Extensions: 3 [1]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: 18 30 75 85 D3 32 86 19 1E 90 C4 6E CE 74 2D E0 .0u..2.....n.t-. 0010: ED E3 2B 63 ..+c ] ] [2]: ObjectId: 2.5.29.35 Criticality=false AuthorityKeyIdentifier [ KeyIdentifier [ 0000: 18 30 75 85 D3 32 86 19 1E 90 C4 6E CE 74 2D E0 .0u..2.....n.t-. 0010: ED E3 2B 63 ..+c ] [EMAILADDRESS=group1@*******, CN=Group1_CA, OU=Group1, OU=*****, O=****, ST=Pennsylvania, C=US] SerialNumber: [ 00] ] [3]: ObjectId: 2.5.29.19 Criticality=false BasicConstraints:[ CA:true PathLen:2147483647 ] ] Algorithm: [MD5withRSA] Signature: 0000: 54 FE B2 51 7A 6C 0C 1B 44 DD 94 F4 95 8F 86 A3 T..Qzl..D....... 0010: 6B 73 9A EF 5E A1 E1 64 11 6B 7A 19 BA 8C 07 41 ks..^..d.kz....A 0020: 20 2C 26 73 05 BF EF 92 2B 8B 09 B4 A3 82 95 3B ,&s....+......; 0030: 0E 74 40 F5 CE E4 39 40 B8 09 43 2D 2F F1 87 5F .t@...9@..C-/.._ ] *** SocketAcceptorIoProcessor-0.0, fatal error: 80: problem unwrapping net record java.lang.RuntimeException: Delegated task threw Exception/Error SocketAcceptorIoProcessor-0.0, SEND TLSv1 ALERT: fatal, description = internal_error SocketAcceptorIoProcessor-0.0, WRITE: TLSv1 Alert, length = 2 java.lang.RuntimeException: Delegated task threw Exception/Error at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(Unknown Source) at javax.net.ssl.SSLEngine.unwrap(Unknown Source) at org.apache.mina.filter.support.SSLHandler.unwrap0(SSLHandler.java:658) at org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:614) at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:493) at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:306) at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:392) at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299) at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53) at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648) at org.apache.mina.common.support.AbstractIoFilterChain$HeadFilter.messageReceived(AbstractIoFilterChain.java:499) at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299) at org.apache.mina.common.support.AbstractIoFilterChain.fireMessageReceived(AbstractIoFilterChain.java:293) at org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:228) at org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:198) at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(SocketIoProcessor.java:45) at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:485) at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: java.lang.NullPointerException at com.sun.net.ssl.internal.ssl.HandshakeMessage$CertificateRequest.(Unknown Source) at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(Unknown Source) at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Unknown Source) at org.apache.mina.filter.support.SSLHandler.doTasks(SSLHandler.java:686) at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:486) ... 16 more ==> error.log <== 2009.04.07 07:11:40 [org.jivesoftware.openfire.nio.ConnectionHandler.exceptionCaught(ConnectionHandler.java:110)] java.lang.RuntimeException: Delegated task threw Exception/Error at com.sun.net.ssl.internal.ssl.Handshaker.checkThrown(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.checkTaskThrown(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(Unknown Source) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(Unknown Source) at javax.net.ssl.SSLEngine.unwrap(Unknown Source) at org.apache.mina.filter.support.SSLHandler.unwrap0(SSLHandler.java:658) at org.apache.mina.filter.support.SSLHandler.unwrapHandshake(SSLHandler.java:614) at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:493) at org.apache.mina.filter.support.SSLHandler.messageReceived(SSLHandler.java:306) at org.apache.mina.filter.SSLFilter.messageReceived(SSLFilter.java:392) at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299) at org.apache.mina.common.support.AbstractIoFilterChain.access$1100(AbstractIoFilterChain.java:53) at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:648) at org.apache.mina.common.support.AbstractIoFilterChain$HeadFilter.messageReceived(AbstractIoFilterChain.java:499) at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:299) at org.apache.mina.common.support.AbstractIoFilterChain.fireMessageReceived(AbstractIoFilterChain.java:293) at org.apache.mina.transport.socket.nio.SocketIoProcessor.read(SocketIoProcessor.java:228) at org.apache.mina.transport.socket.nio.SocketIoProcessor.process(SocketIoProcessor.java:198) at org.apache.mina.transport.socket.nio.SocketIoProcessor.access$400(SocketIoProcessor.java:45) at org.apache.mina.transport.socket.nio.SocketIoProcessor$Worker.run(SocketIoProcessor.java:485) at org.apache.mina.util.NamePreservingRunnable.run(NamePreservingRunnable.java:51) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: java.lang.NullPointerException at com.sun.net.ssl.internal.ssl.HandshakeMessage$CertificateRequest.(Unknown Source) at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientHello(Unknown Source) at com.sun.net.ssl.internal.ssl.ServerHandshaker.processMessage(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source) at com.sun.net.ssl.internal.ssl.Handshaker$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at com.sun.net.ssl.internal.ssl.Handshaker$DelegatedTask.run(Unknown Source) at org.apache.mina.filter.support.SSLHandler.doTasks(SSLHandler.java:686) at org.apache.mina.filter.support.SSLHandler.handshake(SSLHandler.java:486) ... 16 more [Cancel on the client] ==> nohup.out <== SocketAcceptorIoProcessor-0.0, called closeInbound() SocketAcceptorIoProcessor-0.0, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? SocketAcceptorIoProcessor-0.0, called closeOutbound() SocketAcceptorIoProcessor-0.0, closeOutboundInternal() [Client Side logging] errors.log and warn.log have the same thing: ------ $ tail ~/.Spark/logs/warn.log Mar 9, 2009 3:33:32 PM org.jivesoftware.spark.util.log.Log warning WARNING: Exception in Login: No response from the server.: at org.jivesoftware.smack.NonSASLAuthentication.authenticate(NonSASLAuthentication.java:58) at org.jivesoftware.smack.SASLAuthentication.authenticate(SASLAuthentication.java:227) at org.jivesoftware.smack.XMPPConnection.login(XMPPConnection.java:341) at org.jivesoftware.LoginDialog$LoginPanel.login(LoginDialog.java:828) at org.jivesoftware.LoginDialog$LoginPanel.access$400(LoginDialog.java:196) at org.jivesoftware.LoginDialog$LoginPanel$1.construct(LoginDialog.java:594) at org.jivesoftware.spark.util.SwingWorker$2.run(SwingWorker.java:129) at java.lang.Thread.run(Thread.java:595) [Keystore output] # keytool -keystore /opt/openfire/resources/security/client.truststore -list -v Enter keystore password: Keystore type: JKS Keystore provider: SUN Your keystore contains 1 entry Alias name: ***** Creation date: Mar 9, 2009 Entry type: trustedCertEntry Owner: ***** Issuer: ***** Serial number: 0 Valid from: Fri Jun 27 15:29:52 EDT 2008 until: Tue Sep 13 15:29:52 EDT 2016 Certificate fingerprints: MD5: 47:D2:6C:5E:B3:20:4C:8A:2B:62:6F:8C:A8:4D:30:F2 SHA1: 66:3E:AE:6F:92:78:A7:A6:7F:4B:82:41:31:BA:C5:B7:06:64:9B:2B Signature algorithm name: MD5withRSA Version: 3 -------------- # keytool -keystore /opt/openfire/resources/security/truststore -list -v |grep -C20 -i ***** Enter keystore password: ***** [...] ******************************************* ******************************************* Alias name: **** Creation date: Mar 10, 2009 Entry type: trustedCertEntry Owner: **** Issuer: **** Serial number: 0 Valid from: Fri Jun 27 15:29:52 EDT 2008 until: Tue Sep 13 15:29:52 EDT 2016 Certificate fingerprints: MD5: 47:D2:6C:5E:B3:20:4C:8A:2B:62:6F:8C:A8:4D:30:F2 SHA1: 66:3E:AE:6F:92:78:A7:A6:7F:4B:82:41:31:BA:C5:B7:06:64:9B:2B Signature algorithm name: MD5withRSA Version: 3 [...] -------------- [Client side] $ keytool -keystore ~/.keystore -list Enter keystore password: **** Keystore type: jks Keystore provider: SUN Your keystore contains 2 entries ****, Mar 10, 2009, trustedCertEntry, Certificate fingerprint (MD5): 47:D2:6C:5E:B3:20:4C:8A:2B:62:6F:8C:A8:4D:30:F2 mykey, Mar 9, 2009, keyEntry, Certificate fingerprint (MD5): FC:BA:0F:26:BD:A7:B8:84:4F:ED:95:8D:62:5B:CD:1C ------ Importing the end-entity certificate (actual Client Certificate, vs. just the CA) makes no difference.