Da sich unser Server hinter einem Proxy befindet, der keine CRL erlaubt, haben wir RevocationChecking auf OCSP gesetzt:
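Laut Log meldet er auch "MSG=OCSP response successfully received", am Ende kommt dann aber "OCSP response not trusted thus setting revocation status to unknown". Auffällig im Log: Der Status "Unknown" tritt zuerst bei der Prüfung der Kette des OCSP-Responder-Zertifikats auf (Prüfzeitpunkt Fri Feb 07 09:19:03 CET 2014, nach dem Zertifikat a-sign-SSL-03). Für dieses Zertifikat erscheint keine "Found OCSP URL"-Zeile; möglicherweise wäre dort also nur eine CRL-Prüfung möglich, die der Proxy nicht zulässt.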
INFO | 07 09:19:01,400 | http-bio-8080-exec-5 | TID=IaikConfigurator NID=<null> MSG=Registering IAIK as security provider
INFO | 07 09:19:01,415 | http-bio-8080-exec-5 | TID=IaikConfigurator NID=<null> MSG=Registering IAIK-ECC as security provider
INFO | 07 09:19:01,415 | http-bio-8080-exec-5 | TID=IaikConfigurator NID=<null> MSG=Registering LDAP protocol handler
INFO | 07 09:19:01,415 | http-bio-8080-exec-5 | TID=IaikConfigurator NID=<null> MSG=Registered protocol handlers: iaik.pki|org.apache.axis.transport|
INFO | 07 09:19:01,415 | http-bio-8080-exec-5 | TID=IaikConfigurator NID=<null> MSG=Initializing IXSIL
DEBUG | 07 09:19:01,415 | http-bio-8080-exec-5 | TID=IaikConfigurator NID=<null> MSG=Configuring pki module
DEBUG | 07 09:19:01,415 | http-bio-8080-exec-5 | TID=IaikConfigurator NID=<null> MSG=Setting up the certstore(s)
DEBUG | 07 09:19:01,415 | http-bio-8080-exec-5 | TID=IaikConfigurator NID=<null> MSG=Setting up the cert info store(s)
DEBUG | 07 09:19:01,415 | http-bio-8080-exec-5 | TID=IaikConfigurator NID=<null> MSG=Setting up the archive
DEBUG | 07 09:19:01,415 | http-bio-8080-exec-5 | TID=IaikConfigurator NID=<null> MSG=Setting up the revocation source store
INFO | 07 09:19:01,415 | http-bio-8080-exec-5 | TID=IaikConfigurator NID=<null> MSG=Archiving disabled
DEBUG | 07 09:19:01,415 | http-bio-8080-exec-5 | TID=IaikConfigurator NID=<null> MSG=Setting up certificate status checking module
DEBUG | 07 09:19:01,415 | http-bio-8080-exec-5 | TID=IaikConfigurator NID=<null> MSG=Setting up certificate path validation module
INFO | 07 09:19:01,415 | http-bio-8080-exec-5 | TID=IaikConfigurator NID=<null> MSG=PKI module successfully configured
INFO | 07 09:19:01,415 | http-bio-8080-exec-5 | TID=startup NID=<null> MSG=MOA SP/SS Konfiguration erfolgreich geladen
DEBUG | 07 09:19:01,462 | http-bio-8080-exec-5 | >>> parsing the following content:
<?xml version="1.0" encoding="UTF-8"?><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:si="http://www.w3.org/2001/XMLSchema-instance" AssertionID="szr.bmi.gv.at-AssertionID136577061891311670" IssueInstant="2013-04-12T14:43:38+01:00" Issuer="http://portal.bmi.gv.at/ref/szr/issuer" MajorVersion="1" MinorVersion="0">
---REMOVED---
</saml:Assertion>
DEBUG | 07 09:19:01,478 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=resolveEntity: p=null s=file:///resources/schemas/cs-sstc-schema-assertion-01.xsd
DEBUG | 07 09:19:01,494 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=resolveEntity: p=null s=file:///resources/schemas/PersonData_20_en_moaWID.xsd
DEBUG | 07 09:19:01,509 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=resolveEntity: p=null s=file:///resources/schemas/ECDSAKeyValue.xsd
DEBUG | 07 09:19:01,525 | http-bio-8080-exec-5 | <<< parsed
DEBUG | 07 09:19:01,572 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=File uris allowed: false
DEBUG | 07 09:19:01,634 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Signer certificate chain: [Version: 3
Serial number: 469474
Signature algorithm: sha1WithRSAEncryption (1.2.840.113549.1.1.5)
Issuer: CN=a-sign-corporate-light-02,OU=a-sign-corporate-light-02,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
Valid not before: Wed Jul 28 13:36:43 CEST 2010
not after: Tue Jul 28 13:36:43 CEST 2015
Subject: EMAIL=dsk@dsk.gv.at,serialNumber=325928323998,CN=Signaturservice Datenschutzkommission,OU=Stammzahlregisterbehoerde,O=Datenschutzkommission,C=AT
Sun RSA public key, 2048 bits
modulus: 28228571472454126468124436806957295157143716699614265907698482773777886784505475495711862158944231845901906624933911404258318534994833542446817197473411192411047747204271732495750869476848340675208016893997271801472682257349381991688028673865438188916805075860989442611482704525599666844927174912231143382307513870695360001766469780246375412696390975229327072689875536044839614355223208155866700922610200157300797014481257879629645197861736050144013076837211976908527659475536442363319191732040528144541564375887902967232699897438502602140981325527460077864201849599283808430631757257147018427247677133868550774778163
public exponent: 65537
Certificate Fingerprint (MD5) : D3:85:F0:B5:B5:2D:77:E2:2F:CD:9D:BF:79:EA:35:30
Certificate Fingerprint (SHA-1): A2:F1:38:CD:16:AD:04:BC:3F:14:5E:37:80:BF:A1:69:BF:DA:26:3B
Extensions: 10
]
DEBUG | 07 09:19:01,650 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Could not resolve URI using supplements:
DEBUG | 07 09:19:02,150 | http-bio-8080-exec-5 | TID=<null> NID=<null> MSG=Calculated hash value.
DEBUG | 07 09:19:02,165 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Could not resolve URI using supplements: #manifest
DEBUG | 07 09:19:02,244 | http-bio-8080-exec-5 | TID=<null> NID=<null> MSG=Calculated hash value.
INFO | 07 09:19:02,259 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=No signed properties included in signature.
DEBUG | 07 09:19:02,322 | http-bio-8080-exec-5 | TID=<null> NID=<null> MSG=Verified signature value.
DEBUG | 07 09:19:02,337 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Could not resolve URI using supplements: #manifest
DEBUG | 07 09:19:02,384 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Could not resolve URI using supplements:
DEBUG | 07 09:19:02,759 | http-bio-8080-exec-5 | TID=<null> NID=<null> MSG=Calculated hash value.
DEBUG | 07 09:19:02,775 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=EE cert key usage checked disabled
DEBUG | 07 09:19:02,775 | http-bio-8080-exec-5 | TID=<null> NID=<null> MSG=Setting internal DirectoryNameFormatter.CacheSize parameter: 10
DEBUG | 07 09:19:02,775 | http-bio-8080-exec-5 | TID=<null> NID=<null> MSG=Setting internal DirectoryNameFormatter.InMemoryCacheSize parameter: 0
DEBUG | 07 09:19:02,775 | http-bio-8080-exec-5 | TID=<null> NID=<null> MSG=storing cert "EMAIL=dsk@dsk.gv.at,serialNumber=325928323998,CN=Signaturservice Datenschutzkommission,OU=Stammzahlregisterbehoerde,O=Datenschutzkommission,C=AT" to: c: omcatmoa-spsscertstore3C025917C3C938FEB856E5440D28E4A568C311DC
INFO | 07 09:19:02,775 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=c: omcatmoa-spsscertstore3C025917C3C938FEB856E5440D28E4A568C311DCA2F138CD16AD04BC3F145E3780BFA169BFDA263B
DEBUG | 07 09:19:02,806 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Constructing chain, current size 1
DEBUG | 07 09:19:02,806 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Searching certstores: false
DEBUG | 07 09:19:02,806 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Constructing chain, current size 1
DEBUG | 07 09:19:02,806 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Searching certstores: true
DEBUG | 07 09:19:02,806 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG= Searching for certificate CN=a-sign-corporate-light-02,OU=a-sign-corporate-light-02,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT in CertStores
DEBUG | 07 09:19:02,806 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=# of CertStores to search for: 1
DEBUG | 07 09:19:02,806 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Type of CertSelector for CertStore # 0:iaik.pki.store.certstore.directory.DirectoryCertSelector -- CN=a-sign-corporate-light-02,OU=a-sign-corporate-light-02,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
DEBUG | 07 09:19:02,806 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Checking for new certificates to be added
DEBUG | 07 09:19:02,806 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Trying to get certificate from directory cert store
DEBUG | 07 09:19:02,806 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Searching 1 certificates
DEBUG | 07 09:19:02,806 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Found 1 certificates in the directory cert store
DEBUG | 07 09:19:02,806 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG= # of certificates found in CertStores: 1
DEBUG | 07 09:19:02,822 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Using authority info access
DEBUG | 07 09:19:02,822 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Retrieving certificate from AuthorityInfoAccess
DEBUG | 07 09:19:02,822 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Trying to retrieve:http://www.a-trust.at/certs/a-sign-corporate-light-02a.crt
DEBUG | 07 09:19:02,900 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Certificate already in cache
DEBUG | 07 09:19:02,900 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Constructing chain, current size 2
DEBUG | 07 09:19:02,900 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=found 1 chains
DEBUG | 07 09:19:02,900 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Validating chain number 1:
DEBUG | 07 09:19:02,900 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=cert 1: srlNr: 469474, subjectDN: EMAIL=dsk@dsk.gv.at,serialNumber=325928323998,CN=Signaturservice Datenschutzkommission,OU=Stammzahlregisterbehoerde,O=Datenschutzkommission,C=AT
DEBUG | 07 09:19:02,900 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=cert 2: srlNr: 58536, subjectDN: CN=a-sign-corporate-light-02,OU=a-sign-corporate-light-02,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
DEBUG | 07 09:19:02,900 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Validator configured successfully
DEBUG | 07 09:19:02,931 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Signature date: Fri Apr 12 15:43:38 CEST 2013
DEBUG | 07 09:19:02,931 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=chain.size(): 2
DEBUG | 07 09:19:02,931 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=trust anchor Version: 3
Serial number: 58536
Signature algorithm: sha1WithRSAEncryption (1.2.840.113549.1.1.5)
Issuer: CN=A-Trust-Qual-02,OU=A-Trust-Qual-02,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
Valid not before: Wed Dec 15 00:00:00 CET 2004
not after: Sun Dec 14 00:00:00 CET 2014
Subject: CN=a-sign-corporate-light-02,OU=a-sign-corporate-light-02,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
Sun RSA public key, 2048 bits
modulus: 18638627717728127183529693706031995220967849325514314636921450981432722904817956110351962497330315197923049194130348767011429342226566732087506538776148005240789185027722216416436240189734705801878388833437851767464291767268650328406941540076296589563459561977592599385272006722196019746361310731109090005024507734307168900021049757894782371249015445620420850576639803739283420102941050383695089275173461831581916410023141108588620488987902612574363233139314281709363034995389514581416105769022522871023180289417004532832144183116302094834742275304344347287015239370658612351116139285143797201785159776114260102873399
public exponent: 65537
Certificate Fingerprint (MD5) : 3A:E7:F3:26:6C:D7:EA:E8:2E:2B:E5:FA:D1:19:8D:39
Certificate Fingerprint (SHA-1): 4D:52:37:30:50:1A:DB:80:A7:6B:0B:47:3A:4D:21:C7:D8:6F:83:74
Extensions: 5
DEBUG | 07 09:19:02,931 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Using chaining mode: pkix
DEBUG | 07 09:19:02,947 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=current certificate: Version: 3
Serial number: 469474
Signature algorithm: sha1WithRSAEncryption (1.2.840.113549.1.1.5)
Issuer: CN=a-sign-corporate-light-02,OU=a-sign-corporate-light-02,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
Valid not before: Wed Jul 28 13:36:43 CEST 2010
not after: Tue Jul 28 13:36:43 CEST 2015
Subject: EMAIL=dsk@dsk.gv.at,serialNumber=325928323998,CN=Signaturservice Datenschutzkommission,OU=Stammzahlregisterbehoerde,O=Datenschutzkommission,C=AT
Sun RSA public key, 2048 bits
modulus: 28228571472454126468124436806957295157143716699614265907698482773777886784505475495711862158944231845901906624933911404258318534994833542446817197473411192411047747204271732495750869476848340675208016893997271801472682257349381991688028673865438188916805075860989442611482704525599666844927174912231143382307513870695360001766469780246375412696390975229327072689875536044839614355223208155866700922610200157300797014481257879629645197861736050144013076837211976908527659475536442363319191732040528144541564375887902967232699897438502602140981325527460077864201849599283808430631757257147018427247677133868550774778163
public exponent: 65537
Certificate Fingerprint (MD5) : D3:85:F0:B5:B5:2D:77:E2:2F:CD:9D:BF:79:EA:35:30
Certificate Fingerprint (SHA-1): A2:F1:38:CD:16:AD:04:BC:3F:14:5E:37:80:BF:A1:69:BF:DA:26:3B
Extensions: 10
DEBUG | 07 09:19:02,947 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=selfIssued: false
DEBUG | 07 09:19:02,947 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Checking certificate validity at Fri Apr 12 15:43:38 CEST 2013
DEBUG | 07 09:19:02,947 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Verifying the signature with the issuer: Version: 3
Serial number: 58536
Signature algorithm: sha1WithRSAEncryption (1.2.840.113549.1.1.5)
Issuer: CN=A-Trust-Qual-02,OU=A-Trust-Qual-02,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
Valid not before: Wed Dec 15 00:00:00 CET 2004
not after: Sun Dec 14 00:00:00 CET 2014
Subject: CN=a-sign-corporate-light-02,OU=a-sign-corporate-light-02,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
Sun RSA public key, 2048 bits
modulus: 18638627717728127183529693706031995220967849325514314636921450981432722904817956110351962497330315197923049194130348767011429342226566732087506538776148005240789185027722216416436240189734705801878388833437851767464291767268650328406941540076296589563459561977592599385272006722196019746361310731109090005024507734307168900021049757894782371249015445620420850576639803739283420102941050383695089275173461831581916410023141108588620488987902612574363233139314281709363034995389514581416105769022522871023180289417004532832144183116302094834742275304344347287015239370658612351116139285143797201785159776114260102873399
public exponent: 65537
Certificate Fingerprint (MD5) : 3A:E7:F3:26:6C:D7:EA:E8:2E:2B:E5:FA:D1:19:8D:39
Certificate Fingerprint (SHA-1): 4D:52:37:30:50:1A:DB:80:A7:6B:0B:47:3A:4D:21:C7:D8:6F:83:74
Extensions: 5
DEBUG | 07 09:19:02,947 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Checking key id
DEBUG | 07 09:19:02,962 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Signature successfully verified
DEBUG | 07 09:19:02,962 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=new working key: Sun RSA public key, 2048 bits
modulus: 28228571472454126468124436806957295157143716699614265907698482773777886784505475495711862158944231845901906624933911404258318534994833542446817197473411192411047747204271732495750869476848340675208016893997271801472682257349381991688028673865438188916805075860989442611482704525599666844927174912231143382307513870695360001766469780246375412696390975229327072689875536044839614355223208155866700922610200157300797014481257879629645197861736050144013076837211976908527659475536442363319191732040528144541564375887902967232699897438502602140981325527460077864201849599283808430631757257147018427247677133868550774778163
public exponent: 65537
DEBUG | 07 09:19:02,962 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Found OCSP URL:http://ocsp.a-trust.at/ocsp
DEBUG | 07 09:19:02,994 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Caching for ocsp disabled
INFO | 07 09:19:02,994 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Sending ocsp request to: http://ocsp.a-trust.at/ocsp
DEBUG | 07 09:19:02,994 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=(ocsp request: Version: 1
request 0: {
reqCert: {
certID:{
hashAlgorithm: SHA (1.3.14.3.2.26)
issuerNameHash: AC:1B:67:D7:D5:A3:00:76:7C:09:44:AC:E8:45:8D:D4:99:60:F1:BD
issuerKeyHash: 00:19:67:CB:5F:1E:A0:51:4E:77:A8:A5:09:1C:58:3A:4F:E8:0D:03
serialNumber: 469474
}
}
}
Extension 1: not critical Nonce
04:10:5D:33:08:A7:C9:1D:C5:EF:56:31:3B:64:25:28:B3:D1
)
INFO | 07 09:19:03,197 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=OCSP response successfully received
DEBUG | 07 09:19:03,197 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Archive Cutoff date included in OCSP response: Sat Jan 01 01:00:00 CET 2000.
INFO | 07 09:19:03,197 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Archiving disabled.
DEBUG | 07 09:19:03,197 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Checking if OCSP responder is trusted
DEBUG | 07 09:19:03,197 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Nonce check OK
DEBUG | 07 09:19:03,197 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Chaining mode is "pkix", using OCSP download time (Fri Feb 07 09:19:03 CET 2014) for checking OCSP issuer trust.
DEBUG | 07 09:19:03,197 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=3 ocsp issuer candidate(s) included in response
DEBUG | 07 09:19:03,197 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=OCSP signing extended key usage included in OCSP signer certificate.
DEBUG | 07 09:19:03,197 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=EE cert key usage checked disabled
DEBUG | 07 09:19:03,197 | http-bio-8080-exec-5 | TID=<null> NID=<null> MSG=storing cert "serialNumber=896929130327,givenName=OCSP,SN=Responder 03-1,CN=OCSP Responder 03-1,C=AT" to: c: omcatmoa-spsscertstoreE47BA33321A8A919414A123C91F5D253766AB078
INFO | 07 09:19:03,197 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=c: omcatmoa-spsscertstoreE47BA33321A8A919414A123C91F5D253766AB078698563ECEE29232C5304487D972310F86650C3A6
DEBUG | 07 09:19:03,197 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Constructing chain, current size 1
DEBUG | 07 09:19:03,197 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Searching certstores: false
DEBUG | 07 09:19:03,212 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Constructing chain, current size 1
DEBUG | 07 09:19:03,212 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Searching certstores: true
DEBUG | 07 09:19:03,212 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG= Searching for certificate CN=a-sign-SSL-03,OU=a-sign-SSL-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT in CertStores
DEBUG | 07 09:19:03,212 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=# of CertStores to search for: 1
DEBUG | 07 09:19:03,212 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Type of CertSelector for CertStore # 0:iaik.pki.store.certstore.directory.DirectoryCertSelector -- CN=a-sign-SSL-03,OU=a-sign-SSL-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
DEBUG | 07 09:19:03,212 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Checking for new certificates to be added
DEBUG | 07 09:19:03,212 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Trying to get certificate from directory cert store
DEBUG | 07 09:19:03,212 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Searching 1 certificates
DEBUG | 07 09:19:03,212 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Found 1 certificates in the directory cert store
DEBUG | 07 09:19:03,212 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG= # of certificates found in CertStores: 1
DEBUG | 07 09:19:03,212 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Using authority info access
DEBUG | 07 09:19:03,212 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Retrieving certificate from AuthorityInfoAccess
DEBUG | 07 09:19:03,212 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Trying to retrieve:http://www.a-trust.at/certs/a-sign-ssl-03.crt
DEBUG | 07 09:19:03,259 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Certificate already in cache
DEBUG | 07 09:19:03,259 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Constructing chain, current size 2
DEBUG | 07 09:19:03,259 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Searching certstores: true
DEBUG | 07 09:19:03,259 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG= Searching for certificate CN=A-Trust-nQual-03,OU=A-Trust-nQual-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT in CertStores
DEBUG | 07 09:19:03,259 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=# of CertStores to search for: 1
DEBUG | 07 09:19:03,259 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Type of CertSelector for CertStore # 0:iaik.pki.store.certstore.directory.DirectoryCertSelector -- CN=A-Trust-nQual-03,OU=A-Trust-nQual-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
DEBUG | 07 09:19:03,259 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Checking for new certificates to be added
DEBUG | 07 09:19:03,259 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Trying to get certificate from directory cert store
DEBUG | 07 09:19:03,259 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Searching 1 certificates
DEBUG | 07 09:19:03,259 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Found 1 certificates in the directory cert store
DEBUG | 07 09:19:03,259 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG= # of certificates found in CertStores: 1
DEBUG | 07 09:19:03,259 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Using authority info access
DEBUG | 07 09:19:03,259 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Constructing chain, current size 3
DEBUG | 07 09:19:03,259 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=found 1 chains
DEBUG | 07 09:19:03,259 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Validating chain number 1:
DEBUG | 07 09:19:03,275 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=cert 1: srlNr: 1026306, subjectDN: serialNumber=896929130327,givenName=OCSP,SN=Responder 03-1,CN=OCSP Responder 03-1,C=AT
DEBUG | 07 09:19:03,275 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=cert 2: srlNr: 156984, subjectDN: CN=a-sign-SSL-03,OU=a-sign-SSL-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
DEBUG | 07 09:19:03,275 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=cert 3: srlNr: 93214, subjectDN: CN=A-Trust-nQual-03,OU=A-Trust-nQual-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
DEBUG | 07 09:19:03,275 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Validator configured successfully
DEBUG | 07 09:19:03,275 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Signature date: Fri Feb 07 09:19:03 CET 2014
DEBUG | 07 09:19:03,275 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=chain.size(): 3
DEBUG | 07 09:19:03,275 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=trust anchor Version: 3
Serial number: 93214
Signature algorithm: sha1WithRSAEncryption (1.2.840.113549.1.1.5)
Issuer: CN=A-Trust-nQual-03,OU=A-Trust-nQual-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
Valid not before: Thu Aug 18 00:00:00 CEST 2005
not after: Tue Aug 18 00:00:00 CEST 2015
Subject: CN=A-Trust-nQual-03,OU=A-Trust-nQual-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
Sun RSA public key, 2048 bits
modulus: 21869494653668008918844416385089536007956225270862081298487263355890560226700562804915764272717665176511808263470151370737245936376007321228910776135206539382049322015441321107832811170624147336576247878439205936313185834711100345804543985910563482404766787381448703074157514940925242577844532069792114520939247642141653120918631594775695648736927917049560150588183939350534202927535627888832431971627873035096068204585072738119223276433034861222809063050004964113769382281608944412757800218655912063926459139096991397100458852994391712594476052252831557719562192501721507019517112894869843669179964120175312781185203
public exponent: 65537
Certificate Fingerprint (MD5) : 49:63:AE:27:F4:D5:95:3D:D8:DB:24:86:B8:9C:07:53
Certificate Fingerprint (SHA-1): D3:C0:63:F2:19:ED:07:3E:34:AD:5D:75:0B:32:76:29:FF:D5:9A:F2
Extensions: 3
DEBUG | 07 09:19:03,275 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Using chaining mode: pkix
DEBUG | 07 09:19:03,275 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=current certificate: Version: 3
Serial number: 156984
Signature algorithm: sha1WithRSAEncryption (1.2.840.113549.1.1.5)
Issuer: CN=A-Trust-nQual-03,OU=A-Trust-nQual-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
Valid not before: Thu Aug 17 00:00:00 CEST 2006
not after: Wed Aug 17 00:00:00 CEST 2016
Subject: CN=a-sign-SSL-03,OU=a-sign-SSL-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
Sun RSA public key, 2048 bits
modulus: 25822119301571569388552575661185325199001052732593736766820966724796615738017137271162510156834027510806219653882732570870991983095330332807143005476393668312821422185853800527818394191697879670137001245318817050519495679704226451727669480268214164912233873796281136094619435468481940184326998110104036669153301940395401839965660002848419682833799600610675211997542687171285593046298039737462232288054642678636030613229660674098467339213936756525601761322919440652764652330042665384336256014152191116797972591298079180232707529530708503732213892540511146699969215180502298424460895756960961732868801272689438776527023
public exponent: 65537
Certificate Fingerprint (MD5) : C3:67:02:7F:E4:8F:0D:F3:28:02:4B:17:06:D9:05:55
Certificate Fingerprint (SHA-1): FE:4F:09:F5:D1:A4:AA:DE:92:32:D9:E2:D6:B9:A2:55:2B:C4:8A:22
Extensions: 5
DEBUG | 07 09:19:03,275 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=selfIssued: false
DEBUG | 07 09:19:03,275 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Checking certificate validity at Fri Feb 07 09:19:03 CET 2014
DEBUG | 07 09:19:03,290 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Verifying the signature with the issuer: Version: 3
Serial number: 93214
Signature algorithm: sha1WithRSAEncryption (1.2.840.113549.1.1.5)
Issuer: CN=A-Trust-nQual-03,OU=A-Trust-nQual-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
Valid not before: Thu Aug 18 00:00:00 CEST 2005
not after: Tue Aug 18 00:00:00 CEST 2015
Subject: CN=A-Trust-nQual-03,OU=A-Trust-nQual-03,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT
Sun RSA public key, 2048 bits
modulus: 21869494653668008918844416385089536007956225270862081298487263355890560226700562804915764272717665176511808263470151370737245936376007321228910776135206539382049322015441321107832811170624147336576247878439205936313185834711100345804543985910563482404766787381448703074157514940925242577844532069792114520939247642141653120918631594775695648736927917049560150588183939350534202927535627888832431971627873035096068204585072738119223276433034861222809063050004964113769382281608944412757800218655912063926459139096991397100458852994391712594476052252831557719562192501721507019517112894869843669179964120175312781185203
public exponent: 65537
Certificate Fingerprint (MD5) : 49:63:AE:27:F4:D5:95:3D:D8:DB:24:86:B8:9C:07:53
Certificate Fingerprint (SHA-1): D3:C0:63:F2:19:ED:07:3E:34:AD:5D:75:0B:32:76:29:FF:D5:9A:F2
Extensions: 3
DEBUG | 07 09:19:03,290 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Checking key id
DEBUG | 07 09:19:03,290 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Signature successfully verified
DEBUG | 07 09:19:03,290 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=new working key: Sun RSA public key, 2048 bits
modulus: 25822119301571569388552575661185325199001052732593736766820966724796615738017137271162510156834027510806219653882732570870991983095330332807143005476393668312821422185853800527818394191697879670137001245318817050519495679704226451727669480268214164912233873796281136094619435468481940184326998110104036669153301940395401839965660002848419682833799600610675211997542687171285593046298039737462232288054642678636030613229660674098467339213936756525601761322919440652764652330042665384336256014152191116797972591298079180232707529530708503732213892540511146699969215180502298424460895756960961732868801272689438776527023
public exponent: 65537
DEBUG | 07 09:19:03,290 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Certificate status: Unknown at Fri Feb 07 09:19:03 CET 2014
INFO | 07 09:19:03,290 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Certificate revocation check failed Unknown
DEBUG | 07 09:19:03,290 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Checking key id
DEBUG | 07 09:19:03,306 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Signature successfully verified
DEBUG | 07 09:19:03,306 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Chain validation failed: REVOCATION error
INFO | 07 09:19:03,306 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Certificate validation failed
WARN | 07 09:19:03,306 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=OCSP response not trusted thus setting revocation status to unknown
DEBUG | 07 09:19:03,306 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Certificate status: Unknown at Fri Apr 12 15:43:38 CEST 2013
INFO | 07 09:19:03,306 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Certificate revocation check failed Unknown
DEBUG | 07 09:19:03,306 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Chain validation failed: REVOCATION error
INFO | 07 09:19:03,306 | http-bio-8080-exec-5 | TID=http-bio-8080-exec-5 NID=<null> MSG=Certificate validation failed
ERROR | 07 09:19:03,337 | http-bio-8080-exec-5 | Das Zertifikat der Personenbindung ist ungültig.<br>Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Für zumindest ein Zertifikat konnte der Zertifikatstatus nicht festgestellt werden.
at.gv.egovernment.moa.id.auth.validator.ValidateException: Das Zertifikat der Personenbindung ist ungültig.<br>Eine formal korrekte Zertifikatskette vom Signatorzertifikat zu einem vertrauenswürdigen Wurzelzertifikat konnte konstruiert werden. Für alle Zertifikate dieser Kette fällt der Prüfzeitpunkt in das jeweilige Gültigkeitsintervall. Für zumindest ein Zertifikat konnte der Zertifikatstatus nicht festgestellt werden.
at at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator.validate(VerifyXMLSignatureResponseValidator.java:105)
at at.gv.egovernment.moa.id.auth.AuthenticationServer.verifyIdentityLink(AuthenticationServer.java:565)
at at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet.doPost(VerifyIdentityLinkServlet.java:138)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:409)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1044)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)