Spring-WS request fails, but soapUI works
0 votes
/ October 19, 2018

I am using spring-ws to call a secured SOAP web service. I have a client certificate to sign my outgoing requests and also a server certificate to verify the server's response.

Here is the console output:

01:12:24.373 [main] INFO org.springframework.ws.soap.saaj.SaajSoapMessageFactory - Creating SAAJ 1.3 MessageFactory with SOAP 1.1 Protocol
01:12:24.418 [main] DEBUG org.springframework.ws.soap.saaj.SaajSoapMessageFactory - Using MessageFactory class [com.sun.xml.internal.messaging.saaj.soap.ver1_1.SOAPMessageFactory1_1Impl]
01:12:25.378 [main] INFO com.myapp.WsConfig - Loaded keystore: file:/C:/dev/git/myapp/target/classes/cert/client-keystore.p12
01:12:25.455 [main] INFO com.myapp.WsConfig - Loaded trustStore: file:/C:/dev/git/myapp/target/classes/cert/client-truststore.jks
01:12:26.469 [main] DEBUG org.springframework.ws.transport.http.HttpsUrlConnectionMessageSender - Initialized SSL Context with key managers [sun.security.ssl.SunX509KeyManagerImpl@2133814f] trust managers [sun.security.ssl.X509TrustManagerImpl@4c15e7fd] secure random [null]
01:12:26.475 [main] DEBUG org.springframework.ws.client.core.WebServiceTemplate - Opening [org.springframework.ws.transport.http.HttpUrlConnection@38c5cc4c] to [https://integration-env.com/service-gateway.v1]
01:12:26.544 [main] INFO org.springframework.oxm.jaxb.Jaxb2Marshaller - Creating JAXBContext with context path [com.myapp.generated]
01:12:27.530 [main] DEBUG org.springframework.ws.client.MessageTracing.sent - Sent request [SaajSoapMessage {urn:services-types:v1}Request]
01:12:27.973 [main] DEBUG org.springframework.ws.transport.support.TransportUtils - Could not close WebServiceConnection
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1964)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:328)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
    at sun.security.ssl.Handshaker.process_record(Handshaker.java:987)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1072)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1334)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1309)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:259)
    at org.springframework.ws.transport.http.HttpUrlConnection.getRequestOutputStream(HttpUrlConnection.java:89)
    at org.springframework.ws.transport.AbstractSenderConnection$RequestTransportOutputStream.createOutputStream(AbstractSenderConnection.java:87)
    at org.springframework.ws.transport.TransportOutputStream.getOutputStream(TransportOutputStream.java:41)
    at org.springframework.ws.transport.TransportOutputStream.close(TransportOutputStream.java:49)
    at org.springframework.ws.transport.AbstractWebServiceConnection.close(AbstractWebServiceConnection.java:141)
    at org.springframework.ws.transport.support.TransportUtils.closeConnection(TransportUtils.java:45)
    at org.springframework.ws.client.core.WebServiceTemplate.sendAndReceive(WebServiceTemplate.java:564)
    at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:390)
    at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:383)
    at org.springframework.ws.client.core.WebServiceTemplate.marshalSendAndReceive(WebServiceTemplate.java:373)
    at com.myapp.SprinClient.getScoring(SprinClient.java:31)
    at com.myapp.ClientTest.runService.java:26)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
    at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
    at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
    at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
    at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
    at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
    at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
    at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
    at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
    at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
    at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
    at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
    at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
    at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:68)
    at com.intellij.rt.execution.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:47)
    at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:242)
    at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:70)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
    at sun.security.validator.Validator.validate(Validator.java:262)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:229)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:124)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1596)
    ... 46 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
    ... 52 common frames omitted

And here is my config:

import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource;
import org.springframework.oxm.jaxb.Jaxb2Marshaller;
import org.springframework.ws.client.core.WebServiceTemplate;
import org.springframework.ws.transport.http.HttpsUrlConnectionMessageSender;

@Configuration
public class WsConfig {

    private static final Logger log = LoggerFactory.getLogger(WsConfig.class);

    @Value("${default-uri}")
    private String defaultUri;

    @Value("${ssl.trust-store}")
    private Resource trustStore;

    @Value("${ssl.trust-store-password}")
    private String trustStorePassword;

    @Value("${ssl.key-store}")
    private Resource keyStore;

    @Value("${ssl.key-store-password}")
    private String keyStorePassword;

    @Bean
    public Jaxb2Marshaller jaxb2Marshaller() {
        Jaxb2Marshaller marshaller = new Jaxb2Marshaller();
        marshaller.setContextPath("com.myapp.generated");
        return marshaller;
    }

    @Bean
    public WebServiceTemplate webServiceTemplate() throws Exception {
        WebServiceTemplate webServiceTemplate = new WebServiceTemplate();
        webServiceTemplate.setMarshaller(jaxb2Marshaller());
        webServiceTemplate.setUnmarshaller(jaxb2Marshaller());
        webServiceTemplate.setDefaultUri(defaultUri);
        webServiceTemplate.setMessageSender(httpsUrlConnectionMessageSender());

        return webServiceTemplate;
    }

    @Bean
    public HttpsUrlConnectionMessageSender httpsUrlConnectionMessageSender() throws Exception {
        // Client certificate and private key presented during the TLS handshake.
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        // try-with-resources closes the stream that was actually read.
        try (InputStream in = this.keyStore.getInputStream()) {
            keyStore.load(in, keyStorePassword.toCharArray());
        }
        log.info("Loaded keystore: {}", this.keyStore.getURI());
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, keyStorePassword.toCharArray());

        // Trust anchors used to validate the server's certificate chain.
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = this.trustStore.getInputStream()) {
            trustStore.load(in, trustStorePassword.toCharArray());
        }
        log.info("Loaded trustStore: {}", this.trustStore.getURI());
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);

        HttpsUrlConnectionMessageSender messageSender = new HttpsUrlConnectionMessageSender();
        messageSender.setKeyManagers(keyManagerFactory.getKeyManagers());
        messageSender.setTrustManagers(trustManagerFactory.getTrustManagers());
        return messageSender;
    }
}

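And in my client class I use this webServiceTemplate as follows:

import javax.xml.bind.JAXBElement;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.ws.client.core.WebServiceTemplate;

@Component
public class WsClient {

    private static final Logger log = LoggerFactory.getLogger(WsClient.class);
    private final WebServiceTemplate webServiceTemplate;

    @Autowired
    public WsClient(WebServiceTemplate webServiceTemplate) {
        this.webServiceTemplate = webServiceTemplate;
    }

    public void callService(DataObject data) {

        // createRequestType(...) and the generated request/response types are not shown in the post.
        JAXBElement<RequestType> request = createRequestType(data);

        // Marshals the request, sends it through the configured HTTPS sender and unmarshals the reply.
        ResponseType response = (ResponseType) webServiceTemplate
                .marshalSendAndReceive(request);

    }
}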

In soapUI I can execute the request and get the response correctly. I think it might be failing because I have not configured security for spring-ws correctly. I added the keystore and the truststore and both *store-passwords. Furthermore, in soapUI I was able to configure a specific signature algorithm, digest algorithm and signature canonicalization, but I don't know how to configure that with spring-ws.

Here is my soapUI security configuration:

[Image: soapUI security configuration]


UPDATE (ssl logs):

See my other answer, because stackoverflow limits this body to 30000 characters.
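
Added example, not part of the original post: trust managers passed to setTrustManagers(...) are used in place of the JVM defaults, so a store holding only private certificates cannot anchor a publicly issued server chain. The sketch below keeps certificate validation on and accepts a chain if either the JVM default anchors or the custom store validate it; the names CompositeTrustManager and defaultPlus are hypothetical, and it assumes the server's TLS chain ends in a root present in the JVM's default cacerts.

```java
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Hypothetical helper: a chain is trusted if any delegate trust manager validates it. */
public final class CompositeTrustManager implements X509TrustManager {

    private interface Check {
        void run(X509TrustManager tm) throws CertificateException;
    }

    private final List<X509TrustManager> delegates;

    public CompositeTrustManager(List<X509TrustManager> delegates) {
        if (delegates.isEmpty()) {
            throw new IllegalArgumentException("at least one delegate is required");
        }
        this.delegates = new ArrayList<>(delegates);
    }

    /** Builds the X509TrustManager for a store; a null store selects the JVM default anchors. */
    static X509TrustManager forStore(KeyStore store) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(store);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return (X509TrustManager) tm;
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    /** JVM default anchors first, then the application's own store (e.g. client-truststore.jks). */
    public static TrustManager[] defaultPlus(KeyStore customStore) throws Exception {
        List<X509TrustManager> list = new ArrayList<>();
        list.add(forStore(null));
        // An empty store would yield a trust manager without any anchors, so it is skipped.
        if (customStore.size() > 0) {
            list.add(forStore(customStore));
        }
        return new TrustManager[] { new CompositeTrustManager(list) };
    }

    /** Runs the check against each delegate; succeeds on the first one that accepts the chain. */
    private void firstAccepting(Check check) throws CertificateException {
        CertificateException last = null;
        for (X509TrustManager tm : delegates) {
            try {
                check.run(tm);
                return;
            } catch (CertificateException e) {
                last = e; // remember the failure and try the next set of anchors
            }
        }
        throw last; // every delegate rejected the chain
    }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        firstAccepting(tm -> tm.checkServerTrusted(chain, authType));
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType)
            throws CertificateException {
        firstAccepting(tm -> tm.checkClientTrusted(chain, authType));
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() {
        List<X509Certificate> all = new ArrayList<>();
        for (X509TrustManager tm : delegates) {
            all.addAll(Arrays.asList(tm.getAcceptedIssuers()));
        }
        return all.toArray(new X509Certificate[0]);
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: an empty in-memory store standing in for the application's trust store.
        KeyStore custom = KeyStore.getInstance(KeyStore.getDefaultType());
        custom.load(null, null);
        X509TrustManager tm = (X509TrustManager) defaultPlus(custom)[0];
        System.out.println("trust anchors available: " + tm.getAcceptedIssuers().length);
    }
}
```

In the WsConfig shown above, the result of CompositeTrustManager.defaultPlus(trustStore) would be passed to messageSender.setTrustManagers(...) in place of trustManagerFactory.getTrustManagers().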

Answers [ 2 ]

0 votes
/ October 20, 2018

UPDATE (ssl logs):

15:06:34.060 [main] INFO org.springframework.ws.soap.saaj.SaajSoapMessageFactory - Creating SAAJ 1.3 MessageFactory with SOAP 1.1 Protocol
15:06:34.097 [main] DEBUG org.springframework.ws.soap.saaj.SaajSoapMessageFactory - Using MessageFactory class [com.sun.xml.internal.messaging.saaj.soap.ver1_1.SOAPMessageFactory1_1Impl]
15:06:35.049 [main] INFO com.myapp.base.service.WsConfig - Loaded keystore: file:/C:/dev/git/myapp/base-be/base-service-provider/target/classes/cert/client-keystore.p12
***
found key for : integration
chain [0] = [
[
  Version: V3
  Subject: CN=INTEGRATION, OU=Inte, O=INTEGRATION, L=Baden-Baden, ST=Baden-Wuerttemberg, C=DE
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 4096 bits
  modulus: 785762...
  public exponent: 65537
  Validity: [From: Wed Oct 14 08:59:04 CEST 2015,
               To: Sat Oct 14 08:59:04 CEST 2023]
  Issuer: EMAILADDRESS=certificate@csservice.provider-sys.de, CN=ASY Server CA, OU=Application Hosting, O=provider sys GmbH, L=Neustadt, ST=NRW, C=DE
  SerialNumber: [    c0]

Certificate Extensions: 7
[1]: ObjectId: 2.16.840.1.113730.1.13 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 1E 16 1C 41 53 59 20   43 41 20 47 65 6E 65 72  ....ASY CA Gener
0010: 61 74 65 64 20 43 65 72   74 69 66 69 63 61 74 65  ated Certificate


[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 78 BF C1 12 7C 6A 88 23   CD E2 2D 2B 03 56 DA 80  x....j.#..-+.V..
0010: E0 FA 15 ED                                        ....
]
[EMAILADDRESS=certificate@csservice.provider-sys.de, CN=provider sys - CA0 Primary Certification Authority, OU=Security, O=provider sys GmbH, L=Neustadt, ST=NRW, C=DE]
SerialNumber: [    0b]
]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[4]: ObjectId: 2.5.29.18 Criticality=false
IssuerAlternativeName [
  RFC822Name: certificate@csservice.provider-sys.de
]

[5]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[6]: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
   SSL client
   S/MIME
   Object Signing
]

[7]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 2E A8 60 57 8F 1B 4D DE   F7 A7 6A 0A B3 B0 1D 3D  ..`W..M...j....=
0010: C5 85 62 1C                                        ..b.
]
]

Unparseable certificate extensions: 1
[1]: ObjectId: 2.5.29.17 Criticality=false
Unparseable SubjectAlternativeName extension due to
java.io.IOException: No data available in passed DER encoded value.

0000: 30 00                                              0.

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 54 28 38 06 2F 95 72 40   F9 FB CC 7C AB FA 5F B5  T(8./.r@......_.
0010: 7E CF 70 E4 59 6B 96 4C   ED 94 EA 35 74 E9 4C 6B  ..p.Yk.L...5t.Lk
...
00F0: B2 77 82 13 D4 F1 10 96   1C C8 19 9E 05 D8 9C 1B  .w..............

]
***
15:06:35.118 [main] INFO com.myapp.base.service.WsConfig - Loaded trustStore: file:/C:/dev/git/myapp/base-be/base-service-provider/target/classes/cert/client-truststore.jks
adding as trusted cert:
  Subject: CN=big-response, OU=IT, O=company GmbH, L=Baden-Baden, ST=Baden-Wuerttemberg, C=DE
  Issuer:  EMAILADDRESS=certificate@csservice.provider-sys.de, CN=ASY Server CA, OU=Application Hosting, O=provider sys GmbH, L=Neustadt, ST=NRW, C=DE
  Algorithm: RSA; Serial number: 0x86
  Valid from Mon Apr 20 22:45:43 CEST 2015 until Sat Aug 10 22:45:43 CEST 2024

15:06:35.140 [main] INFO com.myapp.base.service.SpringproviderClient - Requesting person score for: Peter Müller...
Ignoring disabled cipher suite: SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
Ignoring disabled cipher suite: SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
Ignoring disabled cipher suite: TLS_KRB5_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5
Ignoring disabled cipher suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
Ignoring disabled cipher suite: TLS_KRB5_WITH_3DES_EDE_CBC_MD5
Ignoring disabled cipher suite: SSL_DH_anon_WITH_RC4_128_MD5
Ignoring disabled cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDH_anon_WITH_RC4_128_SHA
Ignoring disabled cipher suite: TLS_KRB5_EXPORT_WITH_RC4_40_SHA
Ignoring disabled cipher suite: SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
Ignoring disabled cipher suite: TLS_KRB5_WITH_RC4_128_SHA
Ignoring disabled cipher suite: SSL_RSA_EXPORT_WITH_RC4_40_MD5
Ignoring disabled cipher suite: TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA
Ignoring disabled cipher suite: TLS_KRB5_EXPORT_WITH_RC4_40_MD5
Ignoring disabled cipher suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA
Ignoring disabled cipher suite: TLS_KRB5_WITH_RC4_128_MD5
Ignoring disabled cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: SSL_RSA_WITH_RC4_128_SHA
Ignoring disabled cipher suite: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring disabled cipher suite: SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
Ignoring disabled cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA
Ignoring disabled cipher suite: SSL_RSA_WITH_RC4_128_MD5
Ignoring disabled cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring disabled cipher suite: SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
trustStore is: No File Available, using empty keystore.
trustStore type is : jks
trustStore provider is : 
init truststore
keyStore is : cert/client-keystore.p12
keyStore type is : jks
keyStore provider is : 
trigger seeding of SecureRandom
done seeding SecureRandom
15:06:35.998 [main] DEBUG org.springframework.ws.transport.http.HttpsUrlConnectionMessageSender - Initialized SSL Context with key managers [sun.security.ssl.SunX509KeyManagerImpl@23529fee] trust managers [sun.security.ssl.X509TrustManagerImpl@4fe767f3] secure random [null]
15:06:36.004 [main] DEBUG org.springframework.ws.client.core.WebServiceTemplate - Opening [org.springframework.ws.transport.http.HttpUrlConnection@14d3bc22] to [https://integration-big.finance.provider.com/product/big/business-information-gateway.v1.2]
15:06:36.086 [main] INFO org.springframework.oxm.jaxb.Jaxb2Marshaller - Creating JAXBContext with context path [com.myapp.base.service.provider.generated]
15:06:37.333 [main] DEBUG org.springframework.ws.client.MessageTracing.sent - Sent request [SaajSoapMessage {urn:big-services-types:v1.2}Request]
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
main, the previous server name in SNI (type=host_name (0), value=integration-big.finance.provider.com) was replaced with (type=host_name (0), value=integration-big.finance.provider.com)
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1523263581 bytes = { 157, 84, 247, 157, 102, 185, 160, 253, 225, 94, 207, 129, 26, 5, 32, 166, 246, 45, 135, 19, 99, 14, 52, 150, 110, 73, 254, 116 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
Extension server_name, server_name: [type=host_name (0), value=integration-big.finance.provider.com]
***
main, WRITE: TLSv1.2 Handshake, length = 236
main, READ: TLSv1.2 Handshake, length = 93
*** ServerHello, TLSv1.2
RandomCookie:  GMT: 640777025 bytes = { 33, 3, 88, 115, 39, 70, 25, 86, 20, 156, 190, 200, 89, 97, 247, 220, 222, 129, 188, 142, 172, 117, 181, 226, 255, 198, 177, 176 }
Session ID:  {102, 101, 195, 164, 70, 236, 103, 43, 201, 13, 226, 55, 40, 70, 151, 80, 232, 28, 4, 240, 43, 202, 54, 126, 231, 1, 13, 24, 236, 240, 176, 177}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Compression Method: 0
Extension server_name, server_name: 
Extension renegotiation_info, renegotiated_connection: <empty>
Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
***
%% Initialized:  [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
** TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
main, READ: TLSv1.2 Handshake, length = 2940
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=big.finance.provider.com, O=provider sys GmbH, L=Neustadt, ST=Nordrhein-Westfalen, C=DE
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 265764493...
  public exponent: 65537
  Validity: [From: Fri Aug 10 02:00:00 CEST 2018,
               To: Sun Oct 25 13:00:00 CET 2020]
  Issuer: CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US
  SerialNumber: [    0fe6a4fc c5d93b55 f85fdaba 1d765c2f]

Certificate Extensions: 10
[1]: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 82 01 6C 04 82 01 68   01 66 00 76 00 A4 B9 09  ...l...h.f.v....
0010: 90 B4 18 58 14 87 BB 13   A2 CC 67 70 0A 3C 35 98  ...X......gp.<5.
...
0160: 54 EA 7E 31 14 6E EA 21   19 44 0E C0 97 B0 4A 34  T..1.n.!.D....J4


[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: ocsp
   accessLocation: URIName: http://status.geotrust.com
, 
   accessMethod: caIssuers
   accessLocation: URIName: http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt
]
]

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 94 4F D4 5D 8B E4 A4 E2   A6 80 FE FD D8 F9 00 EF  .O.]............
0010: A3 BE 02 57                                        ...W
]
]

[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl]
]]

[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.114412.1.1]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 64 69  ..https://www.di
0010: 67 69 63 65 72 74 2E 63   6F 6D 2F 43 50 53        gicert.com/CPS

]]  ]
  [CertificatePolicyId: [2.23.140.1.2.2]
[]  ]
]

[7]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[8]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[9]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: big.finance.provider.com
  DNSName: acceptance-big.finance.provider.com
  DNSName: integration-big.finance.provider.com
]

[10]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B7 CD F4 D3 84 2E D2 B5   0D 6F BE 18 C4 75 BD E3  .........o...u..
0010: A2 51 7A 4A                                        .QzJ
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 5F B7 0D DC 75 3F EE 4F   D3 15 12 6C 56 47 C5 D8  _...u?.O...lVG..
0010: 83 04 01 F9 23 40 E9 72   0E 19 7A 69 A4 F7 1F FD  ....#@.r..zi....
...
00F0: 3F 33 BF 95 7D D8 C9 B2   3F 88 5E 46 FA B1 D8 46  ?3......?.^F...F

]
chain [1] = [
[
  Version: V3
  Subject: CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 2399706833...
  public exponent: 65537
  Validity: [From: Thu Nov 02 13:23:37 CET 2017,
               To: Tue Nov 02 13:23:37 CET 2027]
  Issuer: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
  SerialNumber: [    0d07782a 133fc6f9 a57296e1 31ffd179]

Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp.digicert.com
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 4E 22 54 20 18 95 E6 E3   6E E6 0F FA FA B9 12 ED  N"T ....n.......
0010: 06 17 8F 39                                        ...9
]
]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl3.digicert.com/DigiCertGlobalRootG2.crl]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 64 69  ..https://www.di
0010: 67 69 63 65 72 74 2E 63   6F 6D 2F 43 50 53        gicert.com/CPS

]]  ]
]

[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_CertSign
  Crl_Sign
]

[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 94 4F D4 5D 8B E4 A4 E2   A6 80 FE FD D8 F9 00 EF  .O.]............
0010: A3 BE 02 57                                        ...W
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 82 1C 04 3A 82 E9 C5 A9   C8 65 12 5C 08 E3 01 C6  ...:.....e.\....
0010: 30 B0 AE 22 88 61 7B 2B   07 86 F7 B8 B5 44 9C F5  0..".a.+.....D..
...
00F0: 1E 12 78 CE 98 F2 5F FB   30 14 69 3C 2C FA 97 C6  ..x..._.0.i<,...

]
***
%% Invalidated:  [Session-1, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
main, SEND TLSv1.2 ALERT:  fatal, description = certificate_unknown
main, WRITE: TLSv1.2 Alert, length = 2
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
main, called close()
main, called closeInternal(true)
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
main, the previous server name in SNI (type=host_name (0), value=integration-big.finance.provider.com) was replaced with (type=host_name (0), value=integration-big.finance.provider.com)
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
...
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1523263582 bytes = { 233, 137, 188, 176, 188, 141, 243, 246, 241, 46, 216, 176, 148, 127, 13, 141, 61, 15, 229, 181, 114, 136, 25, 152, 186, 210, 74, 84 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, ...TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
Extension server_name, server_name: [type=host_name (0), value=integration-big.finance.provider.com]
***
main, WRITE: TLSv1.2 Handshake, length = 236
main, READ: TLSv1.2 Handshake, length = 93
*** ServerHello, TLSv1.2
RandomCookie:  GMT: -1281780602 bytes = { 25, 40, 240, 160, 112, 50, 173, 202, 228, 58, 25, 10, 96, 229, 146, 183, 117, 29, 144, 139, 251, 115, 129, 238, 237, 148, 64, 78 }
Session ID:  {15, 37, 184, 159, 154, 113, 92, 50, 245, 234, 44, 169, 89, 215, 100, 45, 5, 95, 39, 194, 120, 37, 117, 0, 40, 67, 177, 253, 233, 19, 35, 57}
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Compression Method: 0
Extension server_name, server_name: 
Extension renegotiation_info, renegotiated_connection: <empty>
Extension ec_point_formats, formats: [uncompressed, ansiX962_compressed_prime, ansiX962_compressed_char2]
***
%% Initialized:  [Session-2, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
** TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
main, READ: TLSv1.2 Handshake, length = 2940
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=big.finance.provider.com, O=provider sys GmbH, L=Neustadt, ST=Nordrhein-Westfalen, C=DE
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 26538155...
  public exponent: 65537
  Validity: [From: Fri Aug 10 02:00:00 CEST 2018,
               To: Sun Oct 25 13:00:00 CET 2020]
  Issuer: CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US
  SerialNumber: [    0fe6a4fc c5d93b55 f85fdaba 1d765c2f]

Certificate Extensions: 10
[1]: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 82 01 6C 04 82 01 68   01 66 00 76 00 A4 B9 09  ...l...h.f.v....
0010: 90 B4 18 58 14 87 BB 13   A2 CC 67 70 0A 3C 35 98  ...X......gp.<5.
...
0160: 54 EA 7E 31 14 6E EA 21   19 44 0E C0 97 B0 4A 34  T..1.n.!.D....J4


[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: ocsp
   accessLocation: URIName: http://status.geotrust.com
, 
   accessMethod: caIssuers
   accessLocation: URIName: http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt
]
]

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 94 4F D4 5D 8B E4 A4 E2   A6 80 FE FD D8 F9 00 EF  .O.]............
0010: A3 BE 02 57                                        ...W
]
]

[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl]
]]

[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.16.840.1.114412.1.1]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 64 69  ..https://www.di
0010: 67 69 63 65 72 74 2E 63   6F 6D 2F 43 50 53        gicert.com/CPS

]]  ]
  [CertificatePolicyId: [2.23.140.1.2.2]
[]  ]
]

[7]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[8]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[9]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: big.finance.provider.com
  DNSName: acceptance-big.finance.provider.com
  DNSName: integration-big.finance.provider.com
]

[10]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: B7 CD F4 D3 84 2E D2 B5   0D 6F BE 18 C4 75 BD E3  .........o...u..
0010: A2 51 7A 4A                                        .QzJ
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 5F B7 0D DC 75 3F EE 4F   D3 15 12 6C 56 47 C5 D8  _...u?.O...lVG..
0010: 83 04 01 F9 23 40 E9 72   0E 19 7A 69 A4 F7 1F FD  ....#@.r..zi....
...
00F0: 3F 33 BF 95 7D D8 C9 B2   3F 88 5E 46 FA B1 D8 46  ?3......?.^F...F

]
chain [1] = [
[
  Version: V3
  Subject: CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 239970683...
  public exponent: 65537
  Validity: [From: Thu Nov 02 13:23:37 CET 2017,
               To: Tue Nov 02 13:23:37 CET 2027]
  Issuer: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US
  SerialNumber: [    0d07782a 133fc6f9 a57296e1 31ffd179]

Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp.digicert.com
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 4E 22 54 20 18 95 E6 E3   6E E6 0F FA FA B9 12 ED  N"T ....n.......
0010: 06 17 8F 39                                        ...9
]
]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl3.digicert.com/DigiCertGlobalRootG2.crl]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 1C 68 74 74 70 73 3A   2F 2F 77 77 77 2E 64 69  ..https://www.di
0010: 67 69 63 65 72 74 2E 63   6F 6D 2F 43 50 53        gicert.com/CPS

]]  ]
]

[6]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[7]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_CertSign
  Crl_Sign
]

[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 94 4F D4 5D 8B E4 A4 E2   A6 80 FE FD D8 F9 00 EF  .O.]............
0010: A3 BE 02 57                                        ...W
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 82 1C 04 3A 82 E9 C5 A9   C8 65 12 5C 08 E3 01 C6  ...:.....e.\....
0010: 30 B0 AE 22 88 61 7B 2B   07 86 F7 B8 B5 44 9C F5  0..".a.+.....D..
...
00F0: 1E 12 78 CE 98 F2 5F FB   30 14 69 3C 2C FA 97 C6  ..x..._.0.i<,...

]
***
%% Invalidated:  [Session-2, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
main, SEND TLSv1.2 ALERT:  fatal, description = certificate_unknown
main, WRITE: TLSv1.2 Alert, length = 2
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
main, called close()
main, called closeInternal(true)
15:06:38.804 [main] DEBUG org.springframework.ws.transport.support.TransportUtils - Could not close WebServiceConnection
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    ... (see original post above)
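An added example, not code from the original post: the debug log above shows the server presenting a two-certificate chain, and `unable to find valid certification path` means the client truststore yielded no trust anchor for it. This Java check lists the truststore entries whose subject matches a name in that chain; the class and method names, the `TRUSTSTORE_PASSWORD` environment variable and the JKS store type (inferred from the `.jks` file name) are assumptions.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.security.auth.x500.X500Principal;

public class TrustStoreCheck {
    // Subject and issuer DNs copied from the certificate chain in the debug log.
    static final String[] CHAIN_NAMES = {
        "CN=big.finance.provider.com, O=provider sys GmbH, L=Neustadt, ST=Nordrhein-Westfalen, C=DE",
        "CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US",
        "CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US"
    };

    /** Aliases of truststore entries whose subject DN equals one of the given names. */
    static List<String> matchingEntries(KeyStore ts, String[] names) throws KeyStoreException {
        Set<X500Principal> wanted = new HashSet<>();
        for (String dn : names) wanted.add(new X500Principal(dn)); // equality uses canonical form
        List<String> hits = new ArrayList<>();
        for (String alias : Collections.list(ts.aliases())) {
            Certificate c = ts.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate x = (X509Certificate) c;
            if (wanted.contains(x.getSubjectX500Principal())) {
                hits.add(alias + " -> " + x.getSubjectX500Principal().getName()
                    + " (valid until " + x.getNotAfter() + ")");
            }
        }
        return hits;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: truststore file; password read from a hypothetical environment variable.
        String pw = System.getenv("TRUSTSTORE_PASSWORD");
        KeyStore ts = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            ts.load(in, pw == null ? null : pw.toCharArray()); // null skips the JKS integrity check
        }
        System.out.println("Truststore entries: " + ts.size());
        List<String> hits = matchingEntries(ts, CHAIN_NAMES);
        hits.forEach(h -> System.out.println("Name match: " + h));
        if (hits.isEmpty())
            System.out.println("No entry matches the chain by name, so no trust anchor can be found.");
    }
}
```

A name match is necessary but not sufficient: the entry's public key must also verify the signature on the chain certificate it is supposed to have issued, and the entry must be within its validity period.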
0 votes
/ October 19, 2018

The error line shows that when it checks the keystore file at the specified location, it cannot find it. The path is set incorrectly.

sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

The reason it works in SoapUI is that SoapUI asks for the file to load in its configuration.

Check the physical locations of the resources listed below. Also, if you have a properties file, check that the path to it is specified correctly.

@Value("${default-uri}")
private String defaultUri;

@Value("${ssl.trust-store}")
private Resource trustStore;

@Value("${ssl.trust-store-password}")
private String trustStorePassword;

@Value("${ssl.key-store}")
private Resource keyStore;

@Value("${ssl.key-store-password}")
private String keyStorePassword;
...