Subject: SSL Connection failing client cert
Product Area: Domino Server
Technical Area: Security
Platform: Windows 2003 server
Release: 8.0.2
Reproducible: Always

Hi,
I have a Domino server hosting secure web sites. An external site connects to these Domino sites using SSL. We recently changed the client certificate (not the keyring file but the certificate in the certificate view in the Domino Directory) and although the new certificate should be a match, the Domino server is closing the connection - 403: Forbidden.
I have a trace of the connection from the external server and have attached some of that below (with some URLs and other data x'd out). The first line is just after the part where it has validated that a certificate exists and is OK (the keyring file I believe). I have set SSL_TRACE_ALL=3 but that doesn't seem to give me any data in the log when the connections are attempted. I realise that the problem must be with the client certificate, but other servers (external - not ours and not Domino) are connecting OK using the same cert that we have been given.
Can anyone either see what is happening from the trace below or tell me how to collect this kind of data from our Domino server internally?
Thanks,
Mr T Nichols
System.Net Information: 0 : [4748] SecureChannel#24974776 - Remote certificate was verified as valid by the user.
System.Net.Sockets Verbose: 0 : [4748] Socket#37007761::Send()
System.Net.Sockets Verbose: 0 : [4748] Data from Socket#37007761::Send
System.Net.Sockets Verbose: 0 : [4748] Exiting Socket#37007761::Send() -> 299#299
System.Net Information: 0 : [4748] ConnectStream#45861094 - Sending headers
{
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; MS Web Services Client Protocol 2.0.50727.1433)
Content-Type: application/soap+xml; charset=utf-8; action=""
Host: xxxxx.xxxx.com
Content-Length: 588
Expect: 100-continue
Connection: Keep-Alive
}.
System.Net.Sockets Verbose: 0 : [4748] Socket#37007761::Receive()
System.Net.Sockets Verbose: 0 : [4748] Data from Socket#37007761::Receive
System.Net.Sockets Verbose: 0 : [4748] 00000000 : 17 03 00 00 F9 : .....
System.Net.Sockets Verbose: 0 : [4748] Exiting Socket#37007761::Receive() -> 5#5
System.Net.Sockets Verbose: 0 : [4748] Socket#37007761::Receive()
System.Net.Sockets Verbose: 0 : [4748] Data from Socket#37007761::Receive
System.Net.Sockets Verbose: 0 : [4748] Exiting Socket#37007761::Receive() -> 249#249
System.Net Information: 0 : [4748] Connection#15681389 - Received status line: Version=1.1, StatusCode=403, StatusDescription=Forbidden.
System.Net Information: 0 : [4748] Connection#15681389 - Received headers
{
Connection: close
Content-Length: 184
Cache-Control: no-cache
Content-Type: text/html; charset=US-ASCII
Date: Tue, 30 Jun 2009 09:51:18 GMT
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Server: Lotus-Domino
}.
System.Net Information: 0 : [4748] ConnectStream#54708252::ConnectStream(Buffered 184 bytes.)
System.Net.Sockets Verbose: 0 : [4748] Socket#37007761::MultipleSend()
System.Net.Sockets Verbose: 0 : [4748] Exiting Socket#37007761::MultipleSend()
System.Net Verbose: 0 : [4748] Data from ConnectStream#45861094::ResubmitWrite
System.Net Verbose: 0 : [4748] 00000000 : 3C 3F 78 6D 6C 20 76 65-72 73 69 6F 6E 3D 22 31 : <?xml version="1
System.Net Verbose: 0 : [4748] 00000010 : 2E 30 22 20 65 6E 63 6F-64 69 6E 67 3D 22 75 74 : .0" encoding="ut
System.Net Verbose: 0 : [4748] 00000020 : 66 2D 38 22 3F 3E 3C 73-6F 61 70 3A 45 6E 76 65 : f-8"?><soap:Enve
System.Net Verbose: 0 : [4748] 00000030 : 6C 6F 70 65 20 78 6D 6C-6E 73 3A 73 6F 61 70 3D : lope xmlns:soap=
System.Net Verbose: 0 : [4748] 00000040 : 22 68 74 74 70 3A 2F 2F-77 77 77 2E 77 33 2E 6F : "http://www.w3.o
System.Net Verbose: 0 : [4748] 00000050 : 72 67 2F 32 30 30 33 2F-30 35 2F 73 6F 61 70 2D : rg/2003/05/soap-
System.Net Verbose: 0 : [4748] 00000060 : 65 6E 76 65 6C 6F 70 65-22 20 78 6D 6C 6E 73 3A : envelope" xmlns:
System.Net Verbose: 0 : [4748] 00000070 : 78 73 69 3D 22 68 74 74-70 3A 2F 2F 77 77 77 2E : xsi="http://www.
System.Net Verbose: 0 : [4748] 00000080 : 77 33 2E 6F 72 67 2F 32-30 30 31 2F 58 4D 4C 53 : w3.org/2001/XMLS
System.Net Verbose: 0 : [4748] 00000090 : 63 68 65 6D 61 2D 69 6E-73 74 61 6E 63 65 22 20 : chema-instance"
System.Net Verbose: 0 : [4748] 000000A0 : 78 6D 6C 6E 73 3A 78 73-64 3D 22 68 74 74 70 3A : xmlns:xsd="http:
System.Net Verbose: 0 : [4748] 000000B0 : 2F 2F 77 77 77 2E 77 33-2E 6F 72 67 2F 32 30 30 : //www.w3.org/200
System.Net Verbose: 0 : [4748] 000000C0 : 31 2F 58 4D 4C 53 63 68-65 6D 61 22 3E 3C 73 6F : 1/XMLSchema"><so
System.Net Verbose: 0 : [4748] 000000D0 : 61 70 3A 42 6F 64 79 3E-3C 53 79 73 74 65 6D 53 : ap:Body><SystemS
System.Net Verbose: 0 : [4748] 000000E0 : 74 61 74 75 73 20 73 63-68 65 6D 61 56 65 72 73 : tatus schemaVers
System.Net Verbose: 0 : [4748] 000000F0 : 69 6F 6E 3D 22 31 2E 32-22 20 78 6D 6C 6E 73 3D : ion="1.2" xmlns=
System.Net Verbose: 0 : [4748] 00000100 : 22 68 74 74 70 3A 2F 2F-67 69 73 69 73 2E 69 6D : "http://xxxxxxxxx
System.Net Verbose: 0 : [4748] 00000110 : 6F 2E 6F 72 67 2F 58 4D-4C 2F 4C 52 49 54 2F 73 : xxx/xxxx/xx/s
System.Net Verbose: 0 : [4748] 00000120 : 79 73 74 65 6D 53 74 61-74 75 73 2F 32 30 30 38 : ystemStatus/2008
System.Net Verbose: 0 : [4748] 00000130 : 22 3E 3C 4D 65 73 73 61-67 65 54 79 70 65 3E 31 : "><MessageType>1
System.Net Verbose: 0 : [4748] 00000140 : 31 3C 2F 4D 65 73 73 61-67 65 54 79 70 65 3E 3C : 1</MessageType><
System.Net Verbose: 0 : [4748] 00000150 : 4D 65 73 73 61 67 65 49-64 3E 30 30 30 31 32 30 : MessageId>000120
System.Net Verbose: 0 : [4748] 00000160 : 30 39 30 36 33 30 30 39-35 31 33 30 37 34 33 37 : 0906300951307437
System.Net Verbose: 0 : [4748] 00000170 : 37 3C 2F 4D 65 73 73 61-67 65 49 64 3E 3C 54 69 : 7</MessageId><Ti
System.Net Verbose: 0 : [4748] 00000180 : 6D 65 53 74 61 6D 70 3E-32 30 30 39 2D 30 36 2D : meStamp>2009-06-
System.Net Verbose: 0 : [4748] 00000190 : 33 30 54 30 39 3A 35 31-3A 33 30 2E 35 39 5A 3C : 30T09:51:30.59Z<
System.Net Verbose: 0 : [4748] 000001A0 : 2F 54 69 6D 65 53 74 61-6D 70 3E 3C 44 44 50 56 : /TimeStamp><DDPV
System.Net Verbose: 0 : [4748] 000001B0 : 65 72 73 69 6F 6E 4E 75-6D 3E 37 33 3A 36 33 3C : ersionNum>73:63<
System.Net Verbose: 0 : [4748] 000001C0 : 2F 44 44 50 56 65 72 73-69 6F 6E 4E 75 6D 3E 3C : /DDPVersionNum><
System.Net Verbose: 0 : [4748] 000001D0 : 53 79 73 74 65 6D 53 74-61 74 75 73 3E 30 3C 2F : SystemStatus>0</
System.Net Verbose: 0 : [4748] 000001E0 : 53 79 73 74 65 6D 53 74-61 74 75 73 3E 3C 4D 65 : SystemStatus><Me
System.Net Verbose: 0 : [4748] 000001F0 : 73 73 61 67 65 3E 50 69-6E 67 3C 2F 4D 65 73 73 : ssage>Ping</Mess
System.Net Verbose: 0 : [4748] 00000200 : 61 67 65 3E 3C 4F 72 69-67 69 6E 61 74 6F 72 3E : age><Originator>
System.Net Verbose: 0 : [4748] 00000210 : 30 30 30 31 3C 2F 4F 72-69 67 69 6E 61 74 6F 72 : 0001</Originator
System.Net Verbose: 0 : [4748] 00000220 : 3E 3C 2F 53 79 73 74 65-6D 53 74 61 74 75 73 3E : ></SystemStatus>
System.Net Verbose: 0 : [4748] 00000230 : 3C 2F 73 6F 61 70 3A 42-6F 64 79 3E 3C 2F 73 6F : </soap:Body></so
System.Net Verbose: 0 : [4748] 00000240 : 61 70 3A 45 6E 76 65 6C-6F 70 65 3E : ap:Envelope>
System.Net Information: 0 : [4748] Associating HttpWebRequest#23696664 with ConnectStream#54708252
System.Net Information: 0 : [4748] Associating HttpWebRequest#23696664 with HttpWebResponse#8022616
System.Net Verbose: 0 : [4748] ConnectStream#54708252::Read()
System.Net.Sockets Verbose: 0 : [4748] Socket#37007761::Receive()
System.Net.Sockets Verbose: 0 : [4748] Data from Socket#37007761::Receive
System.Net.Sockets Verbose: 0 : [4748] 00000000 : 17 03 00 00 C8 : .....
System.Net.Sockets Verbose: 0 : [4748] Exiting Socket#37007761::Receive() -> 5#5
System.Net.Sockets Verbose: 0 : [4748] Socket#37007761::Receive()
System.Net.Sockets Verbose: 0 : [4748] Data from Socket#37007761::Receive
System.Net.Sockets Verbose: 0 : [4748] Exiting Socket#37007761::Receive() -> 200#200
System.Net.Sockets Verbose: 0 : [4748] Socket#37007761::Dispose()
System.Net Verbose: 0 : [4748] Data from ConnectStream#54708252::Read
System.Net Verbose: 0 : [4748] 00000000 : 3C 21 44 4F 43 54 59 50-45 20 48 54 4D 4C 20 50 : <!DOCTYPE HTML P
System.Net Verbose: 0 : [4748] 00000010 : 55 42 4C 49 43 20 22 2D-2F 2F 57 33 43 2F 2F 44 : UBLIC "-//W3C//D
System.Net Verbose: 0 : [4748] 00000020 : 54 44 20 48 54 4D 4C 20-34 2E 30 31 20 54 72 61 : TD HTML 4.01 Tra
System.Net Verbose: 0 : [4748] 00000030 : 6E 73 69 74 69 6F 6E 61-6C 2F 2F 45 4E 22 3E 0A : nsitional//EN">.
System.Net Verbose: 0 : [4748] 00000040 : 3C 68 74 6D 6C 3E 0A 3C-68 65 61 64 3E 0A 3C 74 : <html>.<head>.<t
System.Net Verbose: 0 : [4748] 00000050 : 69 74 6C 65 3E 45 72 72-6F 72 3C 2F 74 69 74 6C : itle>Error</titl
System.Net Verbose: 0 : [4748] 00000060 : 65 3E 3C 2F 68 65 61 64-3E 0A 3C 62 6F 64 79 20 : e></head>.<body
System.Net Verbose: 0 : [4748] 00000070 : 74 65 78 74 3D 22 23 30-30 30 30 30 30 22 3E 0A : text="#000000">.
System.Net Verbose: 0 : [4748] 00000080 : 3C 68 31 3E 45 72 72 6F-72 20 34 30 33 3C 2F 68 : <h1>Error 403</h
System.Net Verbose: 0 : [4748] 00000090 : 31 3E 55 73 65 72 20 6E-6F 74 20 61 75 74 68 65 : 1>User not authe
System.Net Verbose: 0 : [4748] 000000A0 : 6E 74 69 63 61 74 65 64-3C 2F 62 6F 64 79 3E 0A : nticated</body>.
System.Net Verbose: 0 : [4748] 000000B0 : 3C 2F 68 74 6D 6C 3E 0A- : </html>.
System.Net Verbose: 0 : [4748] Exiting ConnectStream#54708252::Read() -> 184#184
System.Net Verbose: 0 : [4748] ConnectStream#54708252::Read()
System.Net Verbose: 0 : [4748] Exiting ConnectStream#54708252::Read() -> 0#0
System.Net Error: 0 : [4748] Exception in the HttpWebRequest#23696664::EndGetResponse - The remote server returned an error: (403) Forbidden.
System.Net Verbose: 0 : [4748] HttpWebResponse#8022616::GetResponseStream()
System.Net Information: 0 : [4748] ContentLength=184
System.Net Verbose: 0 : [4748] Exiting HttpWebResponse#8022616::GetResponseStream() -> SyncMemoryStream#34257225
 
Feedback number WEBB7THJ9J created by ~Samuel Ekreteroopsi on 06/30/2009
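
One way to read a System.Net trace like the one in this post, as an added example that is not part of the original post: it decodes the SSL/TLS record header at the start of each socket dump and reassembles the plaintext dumps. The sample lines are constructed in the trace's format, and the function names `dump_lines`, `tls_records` and `plaintext` are hypothetical.

```python
import re

# Constructed sample: a few lines in the format of the System.Net trace above.
SAMPLE = """\
System.Net.Sockets Verbose: 0 : [4748] 00000000 : 17 03 00 01 26 ED 7C 6D-51 D5 3C 05 CA 0C A2 1E : ....&.|mQ.<.....
System.Net.Sockets Verbose: 0 : [4748] 00000010 : BE 0A CA BB 21 53 2B 21-CE 06 22 F4 9B A0 EF 5B : ....!S+!.."....[
System.Net.Sockets Verbose: 0 : [4748] 00000000 : 17 03 00 00 F9 : .....
System.Net Verbose: 0 : [4748] 00000080 : 3C 68 31 3E 45 72 72 6F-72 20 34 30 33 3C 2F 68 : <h1>Error 403</h
System.Net Verbose: 0 : [4748] 00000090 : 31 3E 55 73 65 72 20 6E-6F 74 20 61 75 74 68 65 : 1>User not authe
"""

# trace source, 8-digit hex offset, then hex bytes separated by ' ' or '-'
DUMP = re.compile(r"(System\.Net(?:\.Sockets)?) \w+: \d+ : \[\d+\] "
                  r"([0-9A-F]{8}) : ([0-9A-F]{2}(?:[ -][0-9A-F]{2})*)")

# Record-layer content types and minor versions (major version byte is 3).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2"}


def dump_lines(trace):
    """Yield (source, offset, data) for every hex-dump line in the trace."""
    for line in trace.splitlines():
        m = DUMP.match(line)
        if m:
            data = bytes.fromhex(m.group(3).replace("-", " "))
            yield m.group(1), int(m.group(2), 16), data


def tls_records(trace):
    """Decode the 5-byte record header at offset 0 of each socket dump."""
    out = []
    for source, offset, data in dump_lines(trace):
        if (source == "System.Net.Sockets" and offset == 0 and len(data) >= 5
                and data[0] in CONTENT_TYPES and data[1] == 3):
            length = int.from_bytes(data[3:5], "big")
            out.append((CONTENT_TYPES[data[0]],
                        VERSIONS.get(data[2], "unknown"), length))
    return out


def plaintext(trace):
    """Join the bytes that System.Net (above the socket layer) logged in clear."""
    clear = b"".join(d for s, _, d in dump_lines(trace) if s == "System.Net")
    return clear.decode("ascii", "replace")


if __name__ == "__main__":
    for rec in tls_records(SAMPLE):
        print(rec)
    print(plaintext(SAMPLE))
```

Application-data records are only exchanged once the SSL handshake has completed, so a 403 carried in them is an HTTP-layer response sent inside the established session. The first record's length of 294 plus the 5 header bytes equals the 299 bytes logged for the `Send()` call.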

