#Test Results (version 2) #Fri Oct 22 07:00:45 GMT 2021 #-----testdescription----- $file=/opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java $root=/opt/jpgansible/CommonData/baseoftests/jdk/test keywords=bug8145955 bug8207059 closed_swan othervm run=USER_SPECIFIED build ValidatePathWithParams\nUSER_SPECIFIED main/othervm -Djava.security.debug\=certpath QuoVadisCA OCSP\nUSER_SPECIFIED main/othervm -Djava.security.debug\=certpath QuoVadisCA CRL\n source=QuoVadisCA.java title=Interoperability tests with QuoVadis Root CA1, CA2, and CA3 CAs #-----environment----- #-----testresult----- description=file\:/opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java elapsed=18487 0\:00\:18.487 end=Fri Oct 22 07\:00\:45 GMT 2021 environment=regtest execStatus=Failed. Execution failed\: `main' threw exception\: java.lang.RuntimeException\: TEST FAILED\: couldn't determine EE certificate status harnessLoaderMode=Classpath Loader harnessVariety=Full Bundle hostname=ursqe-oel47.s4.javaplatfo1lhr.oraclevcn.com javatestOS=Linux 4.18.0-147.0.3.el8_1.x86_64 (amd64) javatestVersion=6.0 jtregVersion=jtreg 4.2 fcs b13 script=com.sun.javatest.regtest.exec.RegressionScript sections=script_messages build compile build compile main build main start=Fri Oct 22 07\:00\:27 GMT 2021 test=closed/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java testJDK=/opt/jpgansible/CommonData/jdk totalTime=18490 user.name=jpgansible work=/opt/jpgansible/sandbox/results/workDir/closed/security/infra/java/security/cert/CertPathValidator/certification #section:script_messages ----------messages:(4/197)---------- JDK under test: /opt/jpgansible/CommonData/jdk java version "1.7.0_331-ea" Java(TM) SE Runtime Environment (build 1.7.0_331-ea-b02) Java HotSpot(TM) 64-Bit Server VM (build 24.331-b02, mixed mode) #section:build ----------messages:(5/183)---------- command: build ValidatePathWithParams reason: User specified action: run build ValidatePathWithParams Test directory: compile: ValidatePathWithParams elapsed time (seconds): 0.893 result: Passed. Build successful #section:compile ----------messages:(4/287)---------- command: compile -XDignore.symbol.file=true /opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithParams.java reason: .class file out of date or does not exist Mode: othervm elapsed time (seconds): 0.882 ----------configuration:(6/499)---------- javac compilation environment source path: /opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification class path: /opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification /opt/jpgansible/sandbox/results/workDir/classes/closed/security/infra/java/security/cert/CertPathValidator/certification /opt/jpgansible/CommonData/jdk/lib/tools.jar ----------rerun:(27/2447)*---------- cd /opt/jpgansible/sandbox/results/workDir/closed/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA && \\ DISPLAY=:0 \\ HOME=/opt/jpgansible \\ JTREG_COF=false \\ JTREG_HOME=/opt/jpgansible/CommonData/jtreg_dir \\ JTREG_OPTS='-vmoption:-Xmx768M -javaoption:-Xmixed -javaoption:-server -javaoption:-d64 -javaoption:-Djavatest.maxOutputSize=2147483647 '-k:!ignore' -timeout:3 -J-Djavatest.script.jtrIfPassed=false -verbose:time -othervm -conc:1 -vmoptions:'-XX:MaxRAMFraction=2'' \\ LANG=C \\ PATH=/bin:/usr/bin \\ /opt/jpgansible/CommonData/jdk/bin/javac \\ -J-d64 \\ -J-Xmx768M \\ -J-XX:MaxRAMFraction=2 \\ -J-Dtest.src=/opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification \\ -J-Dtest.src.path=/opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification \\ -J-Dtest.classes=/opt/jpgansible/sandbox/results/workDir/classes/closed/security/infra/java/security/cert/CertPathValidator/certification \\ -J-Dtest.class.path=/opt/jpgansible/sandbox/results/workDir/classes/closed/security/infra/java/security/cert/CertPathValidator/certification \\ -J-Dtest.vm.opts='-d64 -Xmx768M -XX:MaxRAMFraction=2' \\ -J-Dtest.tool.vm.opts='-J-d64 -J-Xmx768M -J-XX:MaxRAMFraction=2' \\ -J-Dtest.compiler.opts= \\ -J-Dtest.java.opts='-Xmixed -server -d64 -Djavatest.maxOutputSize=2147483647' \\ -J-Dtest.jdk=/opt/jpgansible/CommonData/jdk \\ -J-Dcompile.jdk=/opt/jpgansible/CommonData/jdk \\ -J-Dtest.timeout.factor=3.0 \\ -d /opt/jpgansible/sandbox/results/workDir/classes/closed/security/infra/java/security/cert/CertPathValidator/certification \\ -sourcepath /opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification \\ -classpath /opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification:/opt/jpgansible/sandbox/results/workDir/classes/closed/security/infra/java/security/cert/CertPathValidator/certification:/opt/jpgansible/CommonData/jdk/lib/tools.jar \\ -XDignore.symbol.file=true /opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithParams.java ----------System.out:(0/0)---------- ----------System.err:(2/243)---------- Note: /opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification/ValidatePathWithParams.java uses unchecked or unsafe operations. Note: Recompile with -Xlint:unchecked for details. result: Passed. Compilation successful #section:build ----------messages:(5/132)---------- command: build QuoVadisCA reason: Named class compiled on demand Test directory: compile: QuoVadisCA elapsed time (seconds): 0.72 result: Passed. Build successful #section:compile ----------messages:(4/275)---------- command: compile -XDignore.symbol.file=true /opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java reason: .class file out of date or does not exist Mode: othervm elapsed time (seconds): 0.719 ----------configuration:(6/499)---------- javac compilation environment source path: /opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification class path: /opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification /opt/jpgansible/sandbox/results/workDir/classes/closed/security/infra/java/security/cert/CertPathValidator/certification /opt/jpgansible/CommonData/jdk/lib/tools.jar ----------rerun:(27/2435)*---------- cd /opt/jpgansible/sandbox/results/workDir/closed/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA && \\ DISPLAY=:0 \\ HOME=/opt/jpgansible \\ JTREG_COF=false \\ JTREG_HOME=/opt/jpgansible/CommonData/jtreg_dir \\ JTREG_OPTS='-vmoption:-Xmx768M -javaoption:-Xmixed -javaoption:-server -javaoption:-d64 -javaoption:-Djavatest.maxOutputSize=2147483647 '-k:!ignore' -timeout:3 -J-Djavatest.script.jtrIfPassed=false -verbose:time -othervm -conc:1 -vmoptions:'-XX:MaxRAMFraction=2'' \\ LANG=C \\ PATH=/bin:/usr/bin \\ /opt/jpgansible/CommonData/jdk/bin/javac \\ -J-d64 \\ -J-Xmx768M \\ -J-XX:MaxRAMFraction=2 \\ -J-Dtest.src=/opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification \\ -J-Dtest.src.path=/opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification \\ -J-Dtest.classes=/opt/jpgansible/sandbox/results/workDir/classes/closed/security/infra/java/security/cert/CertPathValidator/certification \\ -J-Dtest.class.path=/opt/jpgansible/sandbox/results/workDir/classes/closed/security/infra/java/security/cert/CertPathValidator/certification \\ -J-Dtest.vm.opts='-d64 -Xmx768M -XX:MaxRAMFraction=2' \\ -J-Dtest.tool.vm.opts='-J-d64 -J-Xmx768M -J-XX:MaxRAMFraction=2' \\ -J-Dtest.compiler.opts= \\ -J-Dtest.java.opts='-Xmixed -server -d64 -Djavatest.maxOutputSize=2147483647' \\ -J-Dtest.jdk=/opt/jpgansible/CommonData/jdk \\ -J-Dcompile.jdk=/opt/jpgansible/CommonData/jdk \\ -J-Dtest.timeout.factor=3.0 \\ -d /opt/jpgansible/sandbox/results/workDir/classes/closed/security/infra/java/security/cert/CertPathValidator/certification \\ -sourcepath /opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification \\ -classpath /opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification:/opt/jpgansible/sandbox/results/workDir/classes/closed/security/infra/java/security/cert/CertPathValidator/certification:/opt/jpgansible/CommonData/jdk/lib/tools.jar \\ -XDignore.symbol.file=true /opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.java ----------System.out:(0/0)---------- ----------System.err:(0/0)---------- result: Passed. Compilation successful #section:main ----------messages:(4/222)---------- command: main -Djava.security.debug=certpath QuoVadisCA OCSP reason: User specified action: run main/othervm -Djava.security.debug=certpath QuoVadisCA OCSP Mode: othervm [/othervm specified] elapsed time (seconds): 5.932 ----------configuration:(0/0)---------- ----------System.out:(105/4881)---------- ===================================================== CONFIGURATION ===================================================== PROXY_HOST :www-proxy.us.oracle.com PROXY_PORT :80 jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, include jdk.disabled.namedCurves OCSP ENABLE :true CRLDP ENABLE :false OCSP responder set :null Trusted root set: false Expected EE Status:GOOD ===================================================== Successful CertPath validation Expected Certificate status: GOOD Certificate status after validation: GOOD ===================================================== CONFIGURATION ===================================================== PROXY_HOST :www-proxy.us.oracle.com PROXY_PORT :80 jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, include jdk.disabled.namedCurves OCSP ENABLE :true CRLDP ENABLE :false OCSP responder set :null Trusted root set: false Expected EE Status:REVOKED Expected EE Revocation Date:Wed Jan 20 15:46:23 GMT 2021 ===================================================== Received exception: java.security.cert.CertPathValidatorException: Certificate has been revoked, reason: UNSPECIFIED, revocation date: Wed Jan 20 15:46:23 GMT 2021, authority: CN=DigiCert QuoVadis TLS ICA QV Root CA 1 G3, O="DigiCert, Inc", C=US, extension OIDs: [] Expected Certificate status: REVOKED Certificate status after validation: REVOKED Certificate revocation date:Wed Jan 20 15:46:23 GMT 2021 Expected revocation date:Wed Jan 20 15:46:23 GMT 2021 ===================================================== CONFIGURATION ===================================================== PROXY_HOST :www-proxy.us.oracle.com PROXY_PORT :80 jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, include jdk.disabled.namedCurves OCSP ENABLE :true CRLDP ENABLE :false OCSP responder set :null Trusted root set: false Expected EE Status:GOOD ===================================================== Successful CertPath validation Expected Certificate status: GOOD Certificate status after validation: GOOD ===================================================== CONFIGURATION ===================================================== PROXY_HOST :www-proxy.us.oracle.com PROXY_PORT :80 jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, include jdk.disabled.namedCurves OCSP ENABLE :true CRLDP ENABLE :false OCSP responder set :null Trusted root set: false Expected EE Status:REVOKED Expected EE Revocation Date:Tue Feb 02 19:26:52 GMT 2021 ===================================================== Received exception: java.security.cert.CertPathValidatorException: Certificate has been revoked, reason: UNSPECIFIED, revocation date: Tue Feb 02 19:26:52 GMT 2021, authority: CN=DigiCert QV EV TLS ICA G1, O="DigiCert, Inc.", C=US, extension OIDs: [] Expected Certificate status: REVOKED Certificate status after validation: REVOKED Certificate revocation date:Tue Feb 02 19:26:52 GMT 2021 Expected revocation date:Tue Feb 02 19:26:52 GMT 2021 ===================================================== CONFIGURATION ===================================================== PROXY_HOST :www-proxy.us.oracle.com PROXY_PORT :80 jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, include jdk.disabled.namedCurves OCSP ENABLE :true CRLDP ENABLE :false OCSP responder set :null Trusted root set: false Expected EE Status:GOOD ===================================================== Successful CertPath validation Expected Certificate status: GOOD Certificate status after validation: GOOD ===================================================== CONFIGURATION ===================================================== PROXY_HOST :www-proxy.us.oracle.com PROXY_PORT :80 jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, include jdk.disabled.namedCurves OCSP ENABLE :true CRLDP ENABLE :false OCSP responder set :null Trusted root set: false Expected EE Status:REVOKED Expected EE Revocation Date:Wed Jan 20 15:51:03 GMT 2021 ===================================================== Received exception: java.security.cert.CertPathValidatorException: Certificate has been revoked, reason: UNSPECIFIED, revocation date: Wed Jan 20 15:51:03 GMT 2021, authority: CN=DigiCert QuoVadis TLS ICA QV Root CA 3 G3, O="DigiCert, Inc", C=US, extension OIDs: [] Expected Certificate status: REVOKED Certificate status after validation: REVOKED Certificate revocation date:Wed Jan 20 15:51:03 GMT 2021 Expected revocation date:Wed Jan 20 15:51:03 GMT 2021 ----------System.err:(1237/81963)*---------- certpath: Constraints: MD2 certpath: Constraints: MD5 certpath: Constraints: RSA keySize < 1024 certpath: Constraints set to keySize: keySize < 1024 certpath: Constraints: DSA keySize < 1024 certpath: Constraints set to keySize: keySize < 1024 certpath: Constraints: secp112r1 certpath: Constraints: secp112r2 certpath: Constraints: secp128r1 certpath: Constraints: secp128r2 certpath: Constraints: secp160k1 certpath: Constraints: secp160r1 certpath: Constraints: secp160r2 certpath: Constraints: secp192k1 certpath: Constraints: secp192r1 certpath: Constraints: secp224k1 certpath: Constraints: secp224r1 certpath: Constraints: secp256k1 certpath: Constraints: sect113r1 certpath: Constraints: sect113r2 certpath: Constraints: sect131r1 certpath: Constraints: sect131r2 certpath: Constraints: sect163k1 certpath: Constraints: sect163r1 certpath: Constraints: sect163r2 certpath: Constraints: sect193r1 certpath: Constraints: sect193r2 certpath: Constraints: sect233k1 certpath: Constraints: sect233r1 certpath: Constraints: sect239k1 certpath: Constraints: sect283k1 certpath: Constraints: sect283r1 certpath: Constraints: sect409k1 certpath: Constraints: sect409r1 certpath: Constraints: sect571k1 certpath: Constraints: sect571r1 certpath: Constraints: X9.62 c2tnb191v1 certpath: Constraints: X9.62 c2tnb191v2 certpath: Constraints: X9.62 c2tnb191v3 certpath: Constraints: X9.62 c2tnb239v1 certpath: Constraints: X9.62 c2tnb239v2 certpath: Constraints: X9.62 c2tnb239v3 certpath: Constraints: X9.62 c2tnb359v1 certpath: Constraints: X9.62 c2tnb431r1 certpath: Constraints: X9.62 prime192v2 certpath: Constraints: X9.62 prime192v3 certpath: Constraints: X9.62 prime239v1 certpath: Constraints: X9.62 prime239v2 certpath: Constraints: X9.62 prime239v3 certpath: Constraints: brainpoolP256r1 certpath: Constraints: brainpoolP320r1 certpath: Constraints: brainpoolP384r1 certpath: Constraints: brainpoolP512r1 certpath: Constraints.permits(): SHA256withRSA, [ Variant: generic Certs Issued by Anchor: Cert Issuer: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Subject: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Key: RSA ] certpath: Constraints.permits(): SHA256, [ Variant: generic Certs Issued by Anchor: Cert Issuer: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Subject: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Key: RSA ] certpath: Constraints.permits(): SHA-256, [ Variant: generic Certs Issued by Anchor: Cert Issuer: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Subject: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Key: RSA ] certpath: Constraints.permits(): SHA-256, [ Variant: generic Certs Issued by Anchor: Cert Issuer: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Subject: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Key: RSA ] certpath: Constraints.permits(): SHA256withRSA, [ Variant: generic Certs Issued by Anchor: Cert Issuer: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Subject: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Cert Subject: CN=DigiCert SHA2 Assured ID Timestamping CA, OU=www.digicert.com, O=DigiCert Inc, C=US Key: RSA Key: RSA Timestamp: Wed Sep 15 09:13:27 GMT 2021 ] certpath: Constraints.permits(): SHA256, [ Variant: generic Certs Issued by Anchor: Cert Issuer: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Subject: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Cert Subject: CN=DigiCert SHA2 Assured ID Timestamping CA, OU=www.digicert.com, O=DigiCert Inc, C=US Key: RSA Key: RSA Timestamp: Wed Sep 15 09:13:27 GMT 2021 ] certpath: Constraints.permits(): SHA-256, [ Variant: generic Certs Issued by Anchor: Cert Issuer: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Subject: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Cert Subject: CN=DigiCert SHA2 Assured ID Timestamping CA, OU=www.digicert.com, O=DigiCert Inc, C=US Key: RSA Key: RSA Timestamp: Wed Sep 15 09:13:27 GMT 2021 ] certpath: Constraints.permits(): SHA-256, [ Variant: generic Certs Issued by Anchor: Cert Issuer: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Subject: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Cert Subject: CN=DigiCert SHA2 Assured ID Timestamping CA, OU=www.digicert.com, O=DigiCert Inc, C=US Key: RSA Key: RSA Timestamp: Wed Sep 15 09:13:27 GMT 2021 ] certpath: PKIXCertPathValidator.engineValidate()... certpath: PKIXCertPathValidator.engineValidate() reversing certpath... certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 344ed55720d5edec49f42fce37db2b6d Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 605949e0262ebb55f90a778a71f94ad86c Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5 Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 0 Issuer: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US Subject: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 15c8bd65475cafb897005ee406d2bc9d Issuer: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW Subject: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 3863def8 Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 0 Issuer: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US Subject: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 3ab6508b Issuer: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM Subject: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: ce7e0e517d846fe8fe560fc1bf03039 Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: c9cdd3e9d57d23ce Issuer: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Subject: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 4a538c28 Issuer: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Subject: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 1 Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: b931c3ad63967ea6723bfc3af9af44b Issuer: CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Subject: CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: a0142800000014523c844b500000002 Issuer: CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US Subject: CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: a0142800000014523cf467c00000002 Issuer: CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US Subject: CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 18dad19e267de8bb4a2158cdcc6b3b4a Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: d9b5437fafa9390f000000005565ad58 Issuer: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Subject: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 600197b746a7eab4b49ad64b2ff790fb Issuer: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Subject: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 75e6dfcbc1685ba8 Issuer: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US Subject: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 66c9fcf99bf8c0a39e2f0788a43e696365bca Issuer: CN=Amazon Root CA 1, O=Amazon, C=US Subject: CN=Amazon Root CA 1, O=Amazon, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 66c9fd5749736663f3b0b9ad9e89e7603f24a Issuer: CN=Amazon Root CA 3, O=Amazon, C=US Subject: CN=Amazon Root CA 3, O=Amazon, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 0 Issuer: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU Subject: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 1 Issuer: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US Subject: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 5c6 Issuer: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM Subject: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 7497258ac73f7a54 Issuer: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US Subject: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 78585f2ead2c194be3370735341328b596d46593 Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Subject: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM) certpath: X509CertSelector.match returning: true certpath: YES - try this trustedCert certpath: anchor.getTrustedCert().getSubjectX500Principal() = CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM certpath: Constraints: MD2 certpath: Constraints: MD5 certpath: Constraints: SHA1 jdkCA & usage TLSServer certpath: Constraints set to jdkCA. certpath: Constraints usage length is 1 certpath: Constraints: RSA keySize < 1024 certpath: Constraints set to keySize: keySize < 1024 certpath: Constraints: DSA keySize < 1024 certpath: Constraints set to keySize: keySize < 1024 certpath: Constraints: EC keySize < 224 certpath: Constraints set to keySize: keySize < 224 certpath: Constraints: secp112r1 certpath: Constraints: secp112r2 certpath: Constraints: secp128r1 certpath: Constraints: secp128r2 certpath: Constraints: secp160k1 certpath: Constraints: secp160r1 certpath: Constraints: secp160r2 certpath: Constraints: secp192k1 certpath: Constraints: secp192r1 certpath: Constraints: secp224k1 certpath: Constraints: secp224r1 certpath: Constraints: secp256k1 certpath: Constraints: sect113r1 certpath: Constraints: sect113r2 certpath: Constraints: sect131r1 certpath: Constraints: sect131r2 certpath: Constraints: sect163k1 certpath: Constraints: sect163r1 certpath: Constraints: sect163r2 certpath: Constraints: sect193r1 certpath: Constraints: sect193r2 certpath: Constraints: sect233k1 certpath: Constraints: sect233r1 certpath: Constraints: sect239k1 certpath: Constraints: sect283k1 certpath: Constraints: sect283r1 certpath: Constraints: sect409k1 certpath: Constraints: sect409r1 certpath: Constraints: sect571k1 certpath: Constraints: sect571r1 certpath: Constraints: X9.62 c2tnb191v1 certpath: Constraints: X9.62 c2tnb191v2 certpath: Constraints: X9.62 c2tnb191v3 certpath: Constraints: X9.62 c2tnb239v1 certpath: Constraints: X9.62 c2tnb239v2 certpath: Constraints: X9.62 c2tnb239v3 certpath: Constraints: X9.62 c2tnb359v1 certpath: Constraints: X9.62 c2tnb431r1 certpath: Constraints: X9.62 prime192v2 certpath: Constraints: X9.62 prime192v3 certpath: Constraints: X9.62 prime239v1 certpath: Constraints: X9.62 prime239v2 certpath: Constraints: X9.62 prime239v3 certpath: Constraints: brainpoolP256r1 certpath: Constraints: brainpoolP320r1 certpath: Constraints: brainpoolP384r1 certpath: Constraints: brainpoolP512r1 certpath: -------------------------------------------------------------- certpath: Executing PKIX certification path validation algorithm. certpath: Checking cert1 ... certpath: Set of critical extensions: certpath: 2.5.29.15 certpath: 2.5.29.19 certpath: -Using checker1 ... [sun.security.provider.certpath.UntrustedChecker] certpath: -checker1 validation succeeded certpath: -Using checker2 ... [sun.security.provider.certpath.AlgorithmChecker] certpath: Constraints.permits(): SHA256withRSA, [ Variant: generic Anchor: [ Trusted CA cert: [ [ Version: V3 Subject: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 4096 bits modulus: 655775895775617526454917202166845877898971172380096574027708125889948413811353726176004925862935288224846030718254836482640813693329057923697969271538313140218015869178833667875455570220944769061756577538580708090997230864651750202801494365971449490684949999038641340762278537632062729015133908889104515262586703992939030809659620187090006370352603622735718296887505352605779074746039663740740021478434526471741784117934612387829188089058987368376987974775468903659636930890191660126754972496210420148052354666679500597116741475263852651397627894195504424100619664611331889492784540838781304704273743642077207289262386626815498644374268922463521843043115663121226853149820112809641774187898364740162059033501495842219756807938163714451363995610280196085777589237954647813866380126116547877576992395419370960998307647750509962252223404945010391974334932635041427084606151214845277717064932938714190947575922072755801483695717783811668595418189247477065894071751146679095032661094173683098518477658231479739835919031527627994531060245721199429852842803412219555453190936662417281679057414936147298523075575226011414376399787230301552147038651684589377296957568328889587177284893711238940271756346683754018903331037884878204428884636499 public exponent: 65537 Validity: [From: Thu Jan 12 17:27:44 GMT 2012, To: Sun Jan 12 17:27:44 GMT 2042] Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM SerialNumber: [ 78585f2e ad2c194b e3370735 341328b5 96d46593] Certificate Extensions: 3 [1]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] [2]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ Key_CertSign Crl_Sign ] [3]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: A3 97 D6 F3 5E A2 10 E1 AB 45 9F 3C 17 64 3C EE ....^....E.<.d<. 0010: 01 70 9C CC .p.. ] ] ] Algorithm: [SHA256withRSA] Signature: 0000: 18 FA 5B 75 FC 3E 7A C7 5F 77 C7 CA DF CF 5F C3 ..[u.>z._w...._. 0010: 12 C4 40 5D D4 32 AA B8 6A D7 D5 15 15 46 98 23 ..@].2..j....F.# 0020: A5 E6 90 5B 18 99 4C E3 AD 42 A3 82 31 36 88 CD ...[..L..B..16.. 0030: E9 FB C4 04 96 48 8B 01 C7 8D 01 CF 5B 33 06 96 .....H......[3.. 0040: 46 66 74 1D 4F ED C1 B6 B9 B4 0D 61 CC 63 7E D7 Fft.O......a.c.. 0050: 2E 77 8C 96 1C 2A 23 68 6B 85 57 76 70 33 13 FE .w...*#hk.Wvp3.. 0060: E1 4F A6 23 77 18 FA 1A 8C E8 BD 65 C9 CF 3F F4 .O.#w......e..?. 0070: C9 17 DC EB C7 BC C0 04 2E 2D 46 2F 69 66 C3 1B .........-F/if.. 0080: 8F FE EC 3E D3 CA 94 BF 76 0A 25 0D A9 7B 02 1C ...>....v.%..... 0090: A9 D0 3B 5F 0B C0 81 3A 3D 64 E1 BF A7 2D 4E BD ..;_...:=d...-N. 00A0: 4D C4 D8 29 C6 22 18 D0 C5 AC 72 02 82 3F AA 3A M..)."....r..?.: 00B0: A2 3A 22 97 31 DD 08 63 C3 75 14 B9 60 28 2D 5B .:".1..c.u..`(-[ 00C0: 68 E0 16 A9 66 82 23 51 F5 EB 53 D8 31 9B 7B E9 h...f.#Q..S.1... 00D0: B7 9D 4B EB 88 16 CF F9 5D 38 8A 49 30 8F ED F1 ..K.....]8.I0... 00E0: EB 19 F4 77 1A 31 18 4D 67 54 6C 2F 6F 65 F9 DB ...w.1.MgTl/oe.. 00F0: 3D EC 21 EC 5E F4 F4 8B CA 60 65 54 D1 71 64 F4 =.!.^....`eT.qd. 0100: F9 A6 A3 81 33 36 33 71 F0 A4 78 5F 4E AD 83 21 ....363q..x_N..! 0110: DE 34 49 8D E8 59 AC 9D F2 76 5A 36 F2 13 F4 AF .4I..Y...vZ6.... 0120: E0 09 C7 61 2A 6C F7 E0 9D AE BB 86 4A 28 6F 2E ...a*l......J(o. 0130: EE B4 79 CD 90 33 C3 B3 76 FA F5 F0 6C 9D 01 90 ..y..3..v...l... 0140: FA 9E 90 F6 9C 72 CF 47 DA C3 1F E4 35 20 53 F2 .....r.G....5 S. 0150: 54 D1 DF 61 83 A6 02 E2 25 38 DE 85 32 2D 5E 73 T..a....%8..2-^s 0160: 90 52 5D 42 C4 CE 3D 4B E1 F9 19 84 1D D5 A2 50 .R]B..=K.......P 0170: CC 41 FB 41 14 C3 BD D6 C9 5A A3 63 66 02 80 BD .A.A.....Z.cf... 0180: 05 3A 3B 47 9C EC 00 26 4C F5 88 51 BF A8 23 7F .:;G...&L..Q..#. 0190: 18 07 B0 0B ED 8B 26 A1 64 D3 61 4A EB 5C 9F DE ......&.d.aJ.\\.. 01A0: B3 AF 67 03 B3 1F DD 6D 5D 69 68 69 AB 5E 3A EC ..g....m]ihi.^:. 01B0: 7C 69 BC C7 3B 85 4E 9E 15 B9 B4 15 4F C3 95 7A .i..;.N.....O..z 01C0: 58 D7 C9 6C E9 6C B9 F3 29 63 5E B4 2C F0 2D 3D X..l.l..)c^.,.-= 01D0: ED 5A 65 E0 A9 5B 40 C2 48 99 81 6D 9E 1F 06 2A .Ze..[@.H..m...* 01E0: 3C 12 B4 8B 0F 9B A2 24 F0 A6 8D D6 7A E0 4B B6 <......$....z.K. 01F0: 64 96 63 95 84 C2 4A CD 1C 2E 24 87 33 60 E5 C3 d.c...J...$.3`.. ] Cert Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Cert Subject: CN=DigiCert QuoVadis TLS ICA QV Root CA 1 G3, O="DigiCert, Inc", C=US Key: RSA ] certpath: KeySizeConstraints.permits(): RSA certpath: -checker2 validation succeeded certpath: -Using checker3 ... [sun.security.provider.certpath.KeyChecker] certpath: KeyChecker.verifyCAKeyUsage() ---checking CA key usage... certpath: KeyChecker.verifyCAKeyUsage() CA key usage verified. certpath: -checker3 validation succeeded certpath: -Using checker4 ... [sun.security.provider.certpath.ConstraintsChecker] certpath: ---checking basic constraints... certpath: i = 1 certpath: maxPathLength = 2 certpath: after processing, maxPathLength = 0 certpath: basic constraints verified. certpath: ---checking name constraints... certpath: prevNC = null certpath: newNC = null certpath: mergedNC = null certpath: name constraints verified. certpath: -checker4 validation succeeded certpath: -Using checker5 ... [sun.security.provider.certpath.PolicyChecker] certpath: PolicyChecker.checkPolicy() ---checking certificate policies... certpath: PolicyChecker.checkPolicy() certIndex = 1 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: explicitPolicy = 3 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: policyMapping = 3 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: inhibitAnyPolicy = 3 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: policyTree = anyPolicy ROOT certpath: PolicyChecker.processPolicies() policiesCritical = false certpath: PolicyChecker.processPolicies() rejectPolicyQualifiers = true certpath: PolicyChecker.processPolicies() processing policy: 2.23.140.1.2.2 certpath: PolicyChecker.processParents(): matchAny = false certpath: PolicyChecker.processParents(): matchAny = true certpath: PolicyChecker.processParents() found parent: anyPolicy ROOT certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: explicitPolicy = 2 certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: policyMapping = 2 certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: inhibitAnyPolicy = 2 certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: policyTree = anyPolicy ROOT 2.23.140.1.2.2 CRIT: false EP: 2.23.140.1.2.2 (1) certpath: PolicyChecker.checkPolicy() certificate policies verified certpath: -checker5 validation succeeded certpath: -Using checker6 ... [sun.security.provider.certpath.BasicChecker] certpath: ---checking validity:Fri Oct 22 07:00:29 GMT 2021... certpath: validity verified. certpath: ---checking subject/issuer name chaining... certpath: subject/issuer name chaining verified. certpath: ---checking signature... certpath: signature verified. certpath: BasicChecker.updateState issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM; subject: CN=DigiCert QuoVadis TLS ICA QV Root CA 1 G3, O="DigiCert, Inc", C=US; serial#: 229604793349650140650830802688948377399581155569 certpath: -checker6 validation succeeded certpath: -Using checker7 ... [sun.security.provider.certpath.OCSPChecker] certpath: Issuer certificate key ID: 0xa397d6f35ea210e1ab459f3c17643cee01709ccc certpath: Responder's certificate is the same as the issuer of the certificate being validated certpath: Located 1 trusted responder certificate(s) certpath: connecting to OCSP service at: http://ocsp.quovadisglobal.com certpath: OCSP response status: SUCCESSFUL certpath: OCSP response type: basic certpath: Responder ID: byName: CN=QuoVadis OCSP Authority Signature, O=QuoVadis Limited, C=BM certpath: OCSP response produced at: Fri Oct 22 07:00:29 GMT 2021 certpath: OCSP number of SingleResponses: 1 certpath: thisUpdate: Fri Oct 22 07:00:29 GMT 2021 certpath: nextUpdate: Sun Oct 24 07:00:29 GMT 2021 certpath: OCSP response validity interval is from Fri Oct 22 07:00:29 GMT 2021 until Sun Oct 24 07:00:29 GMT 2021 certpath: Checking validity of OCSP response on: Fri Oct 22 07:00:30 GMT 2021 certpath: Signer certificate name: CN=QuoVadis OCSP Authority Signature, O=QuoVadis Limited, C=BM certpath: Signer certificate key ID: 0x0c9c1a56507a8070bfcff8184fa1cc9b5fd3c21e certpath: Issuer certificate key ID: 0xa397d6f35ea210e1ab459f3c17643cee01709ccc certpath: Constraints.permits(): SHA256withRSA, [ Variant: generic Anchor: [ Trusted CA cert: [ [ Version: V3 Subject: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 4096 bits modulus: 655775895775617526454917202166845877898971172380096574027708125889948413811353726176004925862935288224846030718254836482640813693329057923697969271538313140218015869178833667875455570220944769061756577538580708090997230864651750202801494365971449490684949999038641340762278537632062729015133908889104515262586703992939030809659620187090006370352603622735718296887505352605779074746039663740740021478434526471741784117934612387829188089058987368376987974775468903659636930890191660126754972496210420148052354666679500597116741475263852651397627894195504424100619664611331889492784540838781304704273743642077207289262386626815498644374268922463521843043115663121226853149820112809641774187898364740162059033501495842219756807938163714451363995610280196085777589237954647813866380126116547877576992395419370960998307647750509962252223404945010391974334932635041427084606151214845277717064932938714190947575922072755801483695717783811668595418189247477065894071751146679095032661094173683098518477658231479739835919031527627994531060245721199429852842803412219555453190936662417281679057414936147298523075575226011414376399787230301552147038651684589377296957568328889587177284893711238940271756346683754018903331037884878204428884636499 public exponent: 65537 Validity: [From: Thu Jan 12 17:27:44 GMT 2012, To: Sun Jan 12 17:27:44 GMT 2042] Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM SerialNumber: [ 78585f2e ad2c194b e3370735 341328b5 96d46593] Certificate Extensions: 3 [1]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] [2]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ Key_CertSign Crl_Sign ] [3]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: A3 97 D6 F3 5E A2 10 E1 AB 45 9F 3C 17 64 3C EE ....^....E.<.d<. 0010: 01 70 9C CC .p.. ] ] ] Algorithm: [SHA256withRSA] Signature: 0000: 18 FA 5B 75 FC 3E 7A C7 5F 77 C7 CA DF CF 5F C3 ..[u.>z._w...._. 0010: 12 C4 40 5D D4 32 AA B8 6A D7 D5 15 15 46 98 23 ..@].2..j....F.# 0020: A5 E6 90 5B 18 99 4C E3 AD 42 A3 82 31 36 88 CD ...[..L..B..16.. 0030: E9 FB C4 04 96 48 8B 01 C7 8D 01 CF 5B 33 06 96 .....H......[3.. 0040: 46 66 74 1D 4F ED C1 B6 B9 B4 0D 61 CC 63 7E D7 Fft.O......a.c.. 0050: 2E 77 8C 96 1C 2A 23 68 6B 85 57 76 70 33 13 FE .w...*#hk.Wvp3.. 0060: E1 4F A6 23 77 18 FA 1A 8C E8 BD 65 C9 CF 3F F4 .O.#w......e..?. 0070: C9 17 DC EB C7 BC C0 04 2E 2D 46 2F 69 66 C3 1B .........-F/if.. 0080: 8F FE EC 3E D3 CA 94 BF ... Output overflow: JT Harness has limited the test output to the text to that at the beginning and the end, so that you can see how the test began, and how it completed. If you need to see more of the output from the test, set the system property javatest.maxOutputSize to a higher value. The current value is 100000 ... .<... 0020: 29 9D 7F 02 F5 A4 C9 A8 93 B7 7A 71 28 69 8F 73 ).........zq(i.s 0030: E1 52 90 DA D5 BE 3A E5 B7 76 6A 56 80 21 DF 5D .R....:..vjV.!.] 0040: E6 E9 3A 9E E5 3E F6 A2 69 C7 2A 0A B0 18 47 DC ..:..>..i.*...G. 0050: 20 70 7D 52 A3 3E 59 7C C1 BA C9 C8 15 40 61 CA p.R.>Y......@a. 0060: 72 D6 70 AC D2 B7 F0 1C E4 86 29 F0 CE EF 68 63 r.p.......)...hc 0070: D0 B5 20 8A 15 61 9A 7E 86 98 B4 C9 C2 76 FB CC .. ..a.......v.. 0080: BA 30 16 CC A3 61 C6 74 13 E5 6B EF A3 15 EA 03 .0...a.t..k..... 0090: FE 13 8B 64 E4 D3 C1 D2 E8 84 FB 49 D1 10 4D 79 ...d.......I..My 00A0: 66 EB AA FD F4 8D 31 1E 70 14 AD DC DE 67 13 4C f.....1.p....g.L 00B0: 81 15 61 BC B7 D9 91 77 71 19 81 60 BB F0 58 A5 ..a....wq..`..X. 00C0: B5 9C 0B F7 8F 22 55 27 C0 4B 01 6D 3B 99 0D D4 ....."U'.K.m;... 00D0: 1D 9B 63 67 2F D0 EE 0D CA 66 BC 94 4F A6 AD ED ..cg/....f..O... 00E0: FC EE 63 AC 57 3F 65 25 CF B2 86 8F D0 08 FF B8 ..c.W?e%........ 00F0: 76 14 6E DE E5 27 EC AB 78 B5 53 B9 B6 3F E8 20 v.n..'..x.S..?. 0100: F9 D2 A8 BE 61 46 CA 87 8C 84 F3 F9 F1 A0 68 9B ....aF........h. 0110: 22 1E 81 26 9B 10 04 91 71 C0 06 1F DC A0 D3 B9 "..&....q....... 0120: 56 A7 E3 98 2D 7F 83 9D DF 8C 2B 9C 32 8E 32 94 V...-.....+.2.2. 0130: F0 01 3C 22 2A 9F 43 C2 2E C3 98 39 07 38 7B FC ..<"*.C....9.8.. 0140: 5E 00 42 1F F3 32 26 79 83 84 F6 E5 F0 C1 51 12 ^.B..2&y......Q. 0150: C0 0B 1E 04 23 0C 54 A5 4C 2F 49 C5 4A D1 B6 6E ....#.T.L/I.J..n 0160: 60 0D 6B FC 6B 8B 85 24 64 B7 89 0E AB 25 47 5B `.k.k..$d....%G[ 0170: 3C CF 7E 49 BD C7 E9 0A C6 DA F7 7E 0E 17 08 D3 <..I............ 0180: 48 97 D0 71 92 F0 0F 39 3E 34 6A 1C 7D D8 F2 22 H..q...9>4j...." 0190: AE BB 69 F4 33 B4 A6 48 55 D1 0F 0E 26 E8 EC B6 ..i.3..HU...&... 01A0: 0B 2D A7 85 35 CD FD 59 C8 9F D1 CD 3E 5A 29 34 .-..5..Y....>Z)4 01B0: B9 3D 84 CE B1 65 D4 59 91 91 56 75 21 C1 77 9E .=...e.Y..Vu!.w. 01C0: F9 7A E1 60 9D D3 AD 04 18 F4 7C EB 5E 93 8F 53 .z.`........^..S 01D0: 4A 22 29 F8 48 2B 3E 4D 86 AC 5B 7F CB 06 99 59 J").H+>M..[....Y 01E0: 60 D8 58 65 95 8D 44 D1 F7 7F 7E 27 7F 7D AE 80 `.Xe..D....'.... 01F0: F5 07 4C B6 3E 9C 71 54 99 04 4B FD 58 F9 98 F4 ..L.>.qT..K.X... ] Key: RSA ] certpath: Verified signature of OCSP Responder certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 3cb2f4480a00e2feeb243b5e603ec36b Issuer: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Subject: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 66c9fd5749736663f3b0b9ad9e89e7603f24a Issuer: CN=Amazon Root CA 3, O=Amazon, C=US Subject: CN=Amazon Root CA 3, O=Amazon, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 7c4f04391cd4992d Issuer: CN=AffirmTrust Networking, O=AffirmTrust, C=US Subject: CN=AffirmTrust Networking, O=AffirmTrust, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 1 Issuer: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US Subject: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 2a38a41c960a04de42b228a50be8349802 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4 Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 344ed55720d5edec49f42fce37db2b6d Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 1 Issuer: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Subject: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 509 Issuer: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM Subject: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 600197b746a7eab4b49ad64b2ff790fb Issuer: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Subject: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: a3da427ea4b1aeda Issuer: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Subject: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 2 Issuer: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO Subject: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: a68b79290000000050d091f9 Issuer: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Subject: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: ce7e0e517d846fe8fe560fc1bf03039 Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 0 Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 2ac5c266a0b409b8f0b79f2ae462577 Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: bb401c43f55e4fb0 Issuer: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH Subject: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 4a538c28 Issuer: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Subject: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 55556bcf25ea43535c3a40fd5ab4572 Issuer: CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Subject: CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 7777062726a9b17c Issuer: CN=AffirmTrust Commercial, O=AffirmTrust, C=US Subject: CN=AffirmTrust Commercial, O=AffirmTrust, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 66c9fd29635869f0a0fe58678f85b26bb8a37 Issuer: CN=Amazon Root CA 2, O=Amazon, C=US Subject: CN=Amazon Root CA 2, O=Amazon, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 66c9fd7c1bb104c2943e5717b7b2cc81ac10e Issuer: CN=Amazon Root CA 4, O=Amazon, C=US Subject: CN=Amazon Root CA 4, O=Amazon, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 3ab6508b Issuer: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM Subject: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 9b7e0649a33e62b9d5ee90487129ef57 Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 1fd6d30fca3ca51a81bbc640e35032d Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Subject: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 5c8b99c55a94c5d27156decd8980cc26 Issuer: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Subject: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 45e6bb038333c3856548e6ff4551 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R6 Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R6) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 401ac46421b31321030ebbe4121ac51d Issuer: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Subject: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 4caaf9cadb636fe01ff74ed85b03869d Issuer: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Subject: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 4eb200670c035d4f Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 50946cec18ead59c4dd597ef758fa0ad Issuer: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US Subject: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 33af1e6a711a9a0bb2864b11d09fae5 Issuer: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Subject: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 0 Issuer: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR Subject: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: c9cdd3e9d57d23ce Issuer: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Subject: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 444c0 Issuer: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL Subject: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 56b629cd34bc78f6 Issuer: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US Subject: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 1f47afaa62007050544c019e9b63992a Issuer: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Subject: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 4000000000121585308a2 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 5c6 Issuer: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM Subject: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 18dad19e267de8bb4a2158cdcc6b3b4a Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 15c8bd65475cafb897005ee406d2bc9d Issuer: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW Subject: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 78585f2ead2c194be3370735341328b596d46593 Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Subject: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: a7ea6df4b449eda6a24859ee6b815d3167fbbb1 Issuer: CN=LuxTrust Global Root 2, O=LuxTrust S.A., C=LU Subject: CN=LuxTrust Global Root 2, O=LuxTrust S.A., C=LU) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 7497258ac73f7a54 Issuer: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US Subject: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: d9b5437fafa9390f000000005565ad58 Issuer: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Subject: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 1 Issuer: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 20000b9 Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 15ac6e9419b2794b41f627a9c3180f1f Issuer: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Subject: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 6d8c1446b1a60aee Issuer: CN=AffirmTrust Premium, O=AffirmTrust, C=US Subject: CN=AffirmTrust Premium, O=AffirmTrust, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 40000000001154b5ac394 Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 0 Issuer: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP Subject: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 4f1bd42f54bb2f4b Issuer: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH Subject: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 0 Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 66c9fcf99bf8c0a39e2f0788a43e696365bca Issuer: CN=Amazon Root CA 1, O=Amazon, C=US Subject: CN=Amazon Root CA 1, O=Amazon, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: ba15afa1ddfa0b54944afcd24a06cec Issuer: CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Subject: CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 44be0c8b500024b411d3362de0b35f1b Issuer: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US Subject: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 983f4 Issuer: CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE Subject: CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 570a119742c4e3cc Issuer: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT Subject: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 2f80fe238c0e220f486712289187acb3 Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: cf08e5c0816a5ad427ff0eb271859d0 Issuer: CN=SecureTrust CA, O=SecureTrust Corporation, C=US Subject: CN=SecureTrust CA, O=SecureTrust Corporation, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 2 Issuer: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO Subject: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 0 Issuer: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US Subject: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 23456 Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 0 Issuer: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US Subject: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 0 Issuer: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR Subject: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 83be056904246b1a1756ac95991c74a Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 35fc265cd9844fc93d263d579baed756 Issuer: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US Subject: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 3863def8 Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 445734245b81899b35f2ceb82b3b5ba726f07528 Issuer: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM Subject: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 75e6dfcbc1685ba8 Issuer: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US Subject: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 7b2c9bd316803299 Issuer: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US Subject: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: a0142800000014523cf467c00000002 Issuer: CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US Subject: CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 0 Issuer: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP Subject: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 8210cfb0d240e3594463e0bb63828b00 Issuer: CN=ISRG Root X1, O=Internet Security Research Group, C=US Subject: CN=ISRG Root X1, O=Internet Security Research Group, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 0 Issuer: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU Subject: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 605949e0262ebb55f90a778a71f94ad86c Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5 Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 95be16a0f72e46f17b398272fa8bcd96 Issuer: CN=TeliaSonera Root CA v1, O=TeliaSonera Subject: CN=TeliaSonera Root CA v1, O=TeliaSonera) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: a0142800000014523c844b500000002 Issuer: CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US Subject: CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 59b1b579e8e2132e23907bda777755c Issuer: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US Subject: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 1e9e28e848f2e5efc37c4a1e5a1867b6 Issuer: CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch Subject: CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 10020 Issuer: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL Subject: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: bb8 Issuer: CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU Subject: CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 1 Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 1 Issuer: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Subject: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 18acb56afd69b6153a636cafdafac4a1 Issuer: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US Subject: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 456b5054 Issuer: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US Subject: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: b931c3ad63967ea6723bfc3af9af44b Issuer: CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Subject: CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 983f3 Issuer: CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE Subject: CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert STATUS:Passed. ----------rerun:(30/2387)*---------- cd /opt/jpgansible/sandbox/results/workDir/closed/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA && \\ DISPLAY=:0 \\ HOME=/opt/jpgansible \\ JTREG_COF=false \\ JTREG_HOME=/opt/jpgansible/CommonData/jtreg_dir \\ JTREG_OPTS='-vmoption:-Xmx768M -javaoption:-Xmixed -javaoption:-server -javaoption:-d64 -javaoption:-Djavatest.maxOutputSize=2147483647 '-k:!ignore' -timeout:3 -J-Djavatest.script.jtrIfPassed=false -verbose:time -othervm -conc:1 -vmoptions:'-XX:MaxRAMFraction=2'' \\ LANG=C \\ PATH=/bin:/usr/bin \\ CLASSPATH=/opt/jpgansible/sandbox/results/workDir/classes/closed/security/infra/java/security/cert/CertPathValidator/certification:/opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification:/opt/jpgansible/CommonData/jdk/lib/tools.jar:/opt/jpgansible/CommonData/jtreg_dir/lib/javatest.jar:/opt/jpgansible/CommonData/jtreg_dir/lib/jtreg.jar \\ /opt/jpgansible/CommonData/jdk/bin/java \\ -Dtest.src=/opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification \\ -Dtest.src.path=/opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification \\ -Dtest.classes=/opt/jpgansible/sandbox/results/workDir/classes/closed/security/infra/java/security/cert/CertPathValidator/certification \\ -Dtest.class.path=/opt/jpgansible/sandbox/results/workDir/classes/closed/security/infra/java/security/cert/CertPathValidator/certification \\ -Dtest.vm.opts='-d64 -Xmx768M -XX:MaxRAMFraction=2' \\ -Dtest.tool.vm.opts='-J-d64 -J-Xmx768M -J-XX:MaxRAMFraction=2' \\ -Dtest.compiler.opts= \\ -Dtest.java.opts='-Xmixed -server -d64 -Djavatest.maxOutputSize=2147483647' \\ -Dtest.jdk=/opt/jpgansible/CommonData/jdk \\ -Dcompile.jdk=/opt/jpgansible/CommonData/jdk \\ -Dtest.timeout.factor=3.0 \\ -d64 \\ -Xmx768M \\ -XX:MaxRAMFraction=2 \\ -Xmixed \\ -server \\ -d64 \\ -Djavatest.maxOutputSize=2147483647 \\ -Djava.security.debug=certpath \\ com.sun.javatest.regtest.agent.MainWrapper /opt/jpgansible/sandbox/results/workDir/closed/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.d/main.0.jta OCSP result: Passed. Execution successful #section:build ----------messages:(3/93)---------- command: build QuoVadisCA reason: Named class compiled on demand elapsed time (seconds): 0.0 result: Passed. All files up to date #section:main ----------messages:(4/221)---------- command: main -Djava.security.debug=certpath QuoVadisCA CRL reason: User specified action: run main/othervm -Djava.security.debug=certpath QuoVadisCA CRL Mode: othervm [/othervm specified] elapsed time (seconds): 10.872 ----------configuration:(0/0)---------- ----------System.out:(14/608)---------- ===================================================== CONFIGURATION ===================================================== PROXY_HOST :www-proxy.us.oracle.com PROXY_PORT :80 jdk.certpath.disabledAlgorithms :MD2, MD5, SHA1 jdkCA & usage TLSServer, RSA keySize < 1024, DSA keySize < 1024, EC keySize < 224, include jdk.disabled.namedCurves OCSP ENABLE :false CRLDP ENABLE :true OCSP responder set :null Trusted root set: false Expected EE Status:GOOD ===================================================== Received exception: java.security.cert.CertPathValidatorException: Could not determine revocation status ----------System.err:(1189/77739)*---------- certpath: Constraints: MD2 certpath: Constraints: MD5 certpath: Constraints: RSA keySize < 1024 certpath: Constraints set to keySize: keySize < 1024 certpath: Constraints: DSA keySize < 1024 certpath: Constraints set to keySize: keySize < 1024 certpath: Constraints: secp112r1 certpath: Constraints: secp112r2 certpath: Constraints: secp128r1 certpath: Constraints: secp128r2 certpath: Constraints: secp160k1 certpath: Constraints: secp160r1 certpath: Constraints: secp160r2 certpath: Constraints: secp192k1 certpath: Constraints: secp192r1 certpath: Constraints: secp224k1 certpath: Constraints: secp224r1 certpath: Constraints: secp256k1 certpath: Constraints: sect113r1 certpath: Constraints: sect113r2 certpath: Constraints: sect131r1 certpath: Constraints: sect131r2 certpath: Constraints: sect163k1 certpath: Constraints: sect163r1 certpath: Constraints: sect163r2 certpath: Constraints: sect193r1 certpath: Constraints: sect193r2 certpath: Constraints: sect233k1 certpath: Constraints: sect233r1 certpath: Constraints: sect239k1 certpath: Constraints: sect283k1 certpath: Constraints: sect283r1 certpath: Constraints: sect409k1 certpath: Constraints: sect409r1 certpath: Constraints: sect571k1 certpath: Constraints: sect571r1 certpath: Constraints: X9.62 c2tnb191v1 certpath: Constraints: X9.62 c2tnb191v2 certpath: Constraints: X9.62 c2tnb191v3 certpath: Constraints: X9.62 c2tnb239v1 certpath: Constraints: X9.62 c2tnb239v2 certpath: Constraints: X9.62 c2tnb239v3 certpath: Constraints: X9.62 c2tnb359v1 certpath: Constraints: X9.62 c2tnb431r1 certpath: Constraints: X9.62 prime192v2 certpath: Constraints: X9.62 prime192v3 certpath: Constraints: X9.62 prime239v1 certpath: Constraints: X9.62 prime239v2 certpath: Constraints: X9.62 prime239v3 certpath: Constraints: brainpoolP256r1 certpath: Constraints: brainpoolP320r1 certpath: Constraints: brainpoolP384r1 certpath: Constraints: brainpoolP512r1 certpath: Constraints.permits(): SHA256withRSA, [ Variant: generic Certs Issued by Anchor: Cert Issuer: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Subject: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Key: RSA ] certpath: Constraints.permits(): SHA256, [ Variant: generic Certs Issued by Anchor: Cert Issuer: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Subject: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Key: RSA ] certpath: Constraints.permits(): SHA-256, [ Variant: generic Certs Issued by Anchor: Cert Issuer: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Subject: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Key: RSA ] certpath: Constraints.permits(): SHA-256, [ Variant: generic Certs Issued by Anchor: Cert Issuer: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Subject: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Key: RSA ] certpath: Constraints.permits(): SHA256withRSA, [ Variant: generic Certs Issued by Anchor: Cert Issuer: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Subject: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Cert Subject: CN=DigiCert SHA2 Assured ID Timestamping CA, OU=www.digicert.com, O=DigiCert Inc, C=US Key: RSA Key: RSA Timestamp: Wed Sep 15 09:13:27 GMT 2021 ] certpath: Constraints.permits(): SHA256, [ Variant: generic Certs Issued by Anchor: Cert Issuer: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Subject: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Cert Subject: CN=DigiCert SHA2 Assured ID Timestamping CA, OU=www.digicert.com, O=DigiCert Inc, C=US Key: RSA Key: RSA Timestamp: Wed Sep 15 09:13:27 GMT 2021 ] certpath: Constraints.permits(): SHA-256, [ Variant: generic Certs Issued by Anchor: Cert Issuer: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Subject: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Cert Subject: CN=DigiCert SHA2 Assured ID Timestamping CA, OU=www.digicert.com, O=DigiCert Inc, C=US Key: RSA Key: RSA Timestamp: Wed Sep 15 09:13:27 GMT 2021 ] certpath: Constraints.permits(): SHA-256, [ Variant: generic Certs Issued by Anchor: Cert Issuer: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Subject: CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Oracle Corporation Cert Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Cert Subject: CN=DigiCert SHA2 Assured ID Timestamping CA, OU=www.digicert.com, O=DigiCert Inc, C=US Key: RSA Key: RSA Timestamp: Wed Sep 15 09:13:27 GMT 2021 ] certpath: PKIXCertPathValidator.engineValidate()... certpath: PKIXCertPathValidator.engineValidate() reversing certpath... certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 344ed55720d5edec49f42fce37db2b6d Issuer: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Subject: CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 605949e0262ebb55f90a778a71f94ad86c Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5 Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R5) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 0 Issuer: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US Subject: CN=Starfield Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 15c8bd65475cafb897005ee406d2bc9d Issuer: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW Subject: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd.", C=TW) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 3863def8 Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 0 Issuer: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US Subject: CN=Go Daddy Root Certificate Authority - G2, O="GoDaddy.com, Inc.", L=Scottsdale, ST=Arizona, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 3ab6508b Issuer: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM Subject: CN=QuoVadis Root Certification Authority, OU=Root Certification Authority, O=QuoVadis Limited, C=BM) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: ce7e0e517d846fe8fe560fc1bf03039 Issuer: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Subject: CN=DigiCert Assured ID Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: c9cdd3e9d57d23ce Issuer: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Subject: CN=Global Chambersign Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 4a538c28 Issuer: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Subject: CN=Entrust Root Certification Authority - G2, OU="(c) 2009 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 1 Issuer: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE Subject: CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: b931c3ad63967ea6723bfc3af9af44b Issuer: CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Subject: CN=DigiCert Assured ID Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: a0142800000014523c844b500000002 Issuer: CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US Subject: CN=IdenTrust Commercial Root CA 1, O=IdenTrust, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: a0142800000014523cf467c00000002 Issuer: CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US Subject: CN=IdenTrust Public Sector Root CA 1, O=IdenTrust, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 18dad19e267de8bb4a2158cdcc6b3b4a Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: d9b5437fafa9390f000000005565ad58 Issuer: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Subject: CN=Entrust Root Certification Authority - G4, OU="(c) 2015 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 600197b746a7eab4b49ad64b2ff790fb Issuer: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US Subject: CN=thawte Primary Root CA - G3, OU="(c) 2008 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 75e6dfcbc1685ba8 Issuer: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US Subject: CN=SSL.com Root Certification Authority ECC, O=SSL Corporation, L=Houston, ST=Texas, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 66c9fcf99bf8c0a39e2f0788a43e696365bca Issuer: CN=Amazon Root CA 1, O=Amazon, C=US Subject: CN=Amazon Root CA 1, O=Amazon, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 66c9fd5749736663f3b0b9ad9e89e7603f24a Issuer: CN=Amazon Root CA 3, O=Amazon, C=US Subject: CN=Amazon Root CA 3, O=Amazon, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 0 Issuer: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU Subject: CN=Chambers of Commerce Root, OU=http://www.chambersign.org, O=AC Camerfirma SA CIF A82743287, C=EU) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 1 Issuer: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US Subject: CN=GeoTrust Universal CA, O=GeoTrust Inc., C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 5c6 Issuer: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM Subject: CN=QuoVadis Root CA 3, O=QuoVadis Limited, C=BM) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 7497258ac73f7a54 Issuer: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US Subject: CN=AffirmTrust Premium ECC, O=AffirmTrust, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 78585f2ead2c194be3370735341328b596d46593 Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Subject: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM) certpath: X509CertSelector.match returning: true certpath: YES - try this trustedCert certpath: anchor.getTrustedCert().getSubjectX500Principal() = CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM certpath: Constraints: MD2 certpath: Constraints: MD5 certpath: Constraints: SHA1 jdkCA & usage TLSServer certpath: Constraints set to jdkCA. certpath: Constraints usage length is 1 certpath: Constraints: RSA keySize < 1024 certpath: Constraints set to keySize: keySize < 1024 certpath: Constraints: DSA keySize < 1024 certpath: Constraints set to keySize: keySize < 1024 certpath: Constraints: EC keySize < 224 certpath: Constraints set to keySize: keySize < 224 certpath: Constraints: secp112r1 certpath: Constraints: secp112r2 certpath: Constraints: secp128r1 certpath: Constraints: secp128r2 certpath: Constraints: secp160k1 certpath: Constraints: secp160r1 certpath: Constraints: secp160r2 certpath: Constraints: secp192k1 certpath: Constraints: secp192r1 certpath: Constraints: secp224k1 certpath: Constraints: secp224r1 certpath: Constraints: secp256k1 certpath: Constraints: sect113r1 certpath: Constraints: sect113r2 certpath: Constraints: sect131r1 certpath: Constraints: sect131r2 certpath: Constraints: sect163k1 certpath: Constraints: sect163r1 certpath: Constraints: sect163r2 certpath: Constraints: sect193r1 certpath: Constraints: sect193r2 certpath: Constraints: sect233k1 certpath: Constraints: sect233r1 certpath: Constraints: sect239k1 certpath: Constraints: sect283k1 certpath: Constraints: sect283r1 certpath: Constraints: sect409k1 certpath: Constraints: sect409r1 certpath: Constraints: sect571k1 certpath: Constraints: sect571r1 certpath: Constraints: X9.62 c2tnb191v1 certpath: Constraints: X9.62 c2tnb191v2 certpath: Constraints: X9.62 c2tnb191v3 certpath: Constraints: X9.62 c2tnb239v1 certpath: Constraints: X9.62 c2tnb239v2 certpath: Constraints: X9.62 c2tnb239v3 certpath: Constraints: X9.62 c2tnb359v1 certpath: Constraints: X9.62 c2tnb431r1 certpath: Constraints: X9.62 prime192v2 certpath: Constraints: X9.62 prime192v3 certpath: Constraints: X9.62 prime239v1 certpath: Constraints: X9.62 prime239v2 certpath: Constraints: X9.62 prime239v3 certpath: Constraints: brainpoolP256r1 certpath: Constraints: brainpoolP320r1 certpath: Constraints: brainpoolP384r1 certpath: Constraints: brainpoolP512r1 certpath: -------------------------------------------------------------- certpath: Executing PKIX certification path validation algorithm. certpath: Checking cert1 ... certpath: Set of critical extensions: certpath: 2.5.29.15 certpath: 2.5.29.19 certpath: -Using checker1 ... [sun.security.provider.certpath.UntrustedChecker] certpath: -checker1 validation succeeded certpath: -Using checker2 ... [sun.security.provider.certpath.AlgorithmChecker] certpath: Constraints.permits(): SHA256withRSA, [ Variant: generic Anchor: [ Trusted CA cert: [ [ Version: V3 Subject: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 4096 bits modulus: 655775895775617526454917202166845877898971172380096574027708125889948413811353726176004925862935288224846030718254836482640813693329057923697969271538313140218015869178833667875455570220944769061756577538580708090997230864651750202801494365971449490684949999038641340762278537632062729015133908889104515262586703992939030809659620187090006370352603622735718296887505352605779074746039663740740021478434526471741784117934612387829188089058987368376987974775468903659636930890191660126754972496210420148052354666679500597116741475263852651397627894195504424100619664611331889492784540838781304704273743642077207289262386626815498644374268922463521843043115663121226853149820112809641774187898364740162059033501495842219756807938163714451363995610280196085777589237954647813866380126116547877576992395419370960998307647750509962252223404945010391974334932635041427084606151214845277717064932938714190947575922072755801483695717783811668595418189247477065894071751146679095032661094173683098518477658231479739835919031527627994531060245721199429852842803412219555453190936662417281679057414936147298523075575226011414376399787230301552147038651684589377296957568328889587177284893711238940271756346683754018903331037884878204428884636499 public exponent: 65537 Validity: [From: Thu Jan 12 17:27:44 GMT 2012, To: Sun Jan 12 17:27:44 GMT 2042] Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM SerialNumber: [ 78585f2e ad2c194b e3370735 341328b5 96d46593] Certificate Extensions: 3 [1]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] [2]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ Key_CertSign Crl_Sign ] [3]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: A3 97 D6 F3 5E A2 10 E1 AB 45 9F 3C 17 64 3C EE ....^....E.<.d<. 0010: 01 70 9C CC .p.. ] ] ] Algorithm: [SHA256withRSA] Signature: 0000: 18 FA 5B 75 FC 3E 7A C7 5F 77 C7 CA DF CF 5F C3 ..[u.>z._w...._. 0010: 12 C4 40 5D D4 32 AA B8 6A D7 D5 15 15 46 98 23 ..@].2..j....F.# 0020: A5 E6 90 5B 18 99 4C E3 AD 42 A3 82 31 36 88 CD ...[..L..B..16.. 0030: E9 FB C4 04 96 48 8B 01 C7 8D 01 CF 5B 33 06 96 .....H......[3.. 0040: 46 66 74 1D 4F ED C1 B6 B9 B4 0D 61 CC 63 7E D7 Fft.O......a.c.. 0050: 2E 77 8C 96 1C 2A 23 68 6B 85 57 76 70 33 13 FE .w...*#hk.Wvp3.. 0060: E1 4F A6 23 77 18 FA 1A 8C E8 BD 65 C9 CF 3F F4 .O.#w......e..?. 0070: C9 17 DC EB C7 BC C0 04 2E 2D 46 2F 69 66 C3 1B .........-F/if.. 0080: 8F FE EC 3E D3 CA 94 BF 76 0A 25 0D A9 7B 02 1C ...>....v.%..... 0090: A9 D0 3B 5F 0B C0 81 3A 3D 64 E1 BF A7 2D 4E BD ..;_...:=d...-N. 00A0: 4D C4 D8 29 C6 22 18 D0 C5 AC 72 02 82 3F AA 3A M..)."....r..?.: 00B0: A2 3A 22 97 31 DD 08 63 C3 75 14 B9 60 28 2D 5B .:".1..c.u..`(-[ 00C0: 68 E0 16 A9 66 82 23 51 F5 EB 53 D8 31 9B 7B E9 h...f.#Q..S.1... 00D0: B7 9D 4B EB 88 16 CF F9 5D 38 8A 49 30 8F ED F1 ..K.....]8.I0... 00E0: EB 19 F4 77 1A 31 18 4D 67 54 6C 2F 6F 65 F9 DB ...w.1.MgTl/oe.. 00F0: 3D EC 21 EC 5E F4 F4 8B CA 60 65 54 D1 71 64 F4 =.!.^....`eT.qd. 0100: F9 A6 A3 81 33 36 33 71 F0 A4 78 5F 4E AD 83 21 ....363q..x_N..! 0110: DE 34 49 8D E8 59 AC 9D F2 76 5A 36 F2 13 F4 AF .4I..Y...vZ6.... 0120: E0 09 C7 61 2A 6C F7 E0 9D AE BB 86 4A 28 6F 2E ...a*l......J(o. 0130: EE B4 79 CD 90 33 C3 B3 76 FA F5 F0 6C 9D 01 90 ..y..3..v...l... 0140: FA 9E 90 F6 9C 72 CF 47 DA C3 1F E4 35 20 53 F2 .....r.G....5 S. 0150: 54 D1 DF 61 83 A6 02 E2 25 38 DE 85 32 2D 5E 73 T..a....%8..2-^s 0160: 90 52 5D 42 C4 CE 3D 4B E1 F9 19 84 1D D5 A2 50 .R]B..=K.......P 0170: CC 41 FB 41 14 C3 BD D6 C9 5A A3 63 66 02 80 BD .A.A.....Z.cf... 0180: 05 3A 3B 47 9C EC 00 26 4C F5 88 51 BF A8 23 7F .:;G...&L..Q..#. 0190: 18 07 B0 0B ED 8B 26 A1 64 D3 61 4A EB 5C 9F DE ......&.d.aJ.\\.. 01A0: B3 AF 67 03 B3 1F DD 6D 5D 69 68 69 AB 5E 3A EC ..g....m]ihi.^:. 01B0: 7C 69 BC C7 3B 85 4E 9E 15 B9 B4 15 4F C3 95 7A .i..;.N.....O..z 01C0: 58 D7 C9 6C E9 6C B9 F3 29 63 5E B4 2C F0 2D 3D X..l.l..)c^.,.-= 01D0: ED 5A 65 E0 A9 5B 40 C2 48 99 81 6D 9E 1F 06 2A .Ze..[@.H..m...* 01E0: 3C 12 B4 8B 0F 9B A2 24 F0 A6 8D D6 7A E0 4B B6 <......$....z.K. 01F0: 64 96 63 95 84 C2 4A CD 1C 2E 24 87 33 60 E5 C3 d.c...J...$.3`.. ] Cert Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Cert Subject: CN=DigiCert QuoVadis TLS ICA QV Root CA 1 G3, O="DigiCert, Inc", C=US Key: RSA ] certpath: KeySizeConstraints.permits(): RSA certpath: -checker2 validation succeeded certpath: -Using checker3 ... [sun.security.provider.certpath.KeyChecker] certpath: KeyChecker.verifyCAKeyUsage() ---checking CA key usage... certpath: KeyChecker.verifyCAKeyUsage() CA key usage verified. certpath: -checker3 validation succeeded certpath: -Using checker4 ... [sun.security.provider.certpath.ConstraintsChecker] certpath: ---checking basic constraints... certpath: i = 1 certpath: maxPathLength = 2 certpath: after processing, maxPathLength = 0 certpath: basic constraints verified. certpath: ---checking name constraints... certpath: prevNC = null certpath: newNC = null certpath: mergedNC = null certpath: name constraints verified. certpath: -checker4 validation succeeded certpath: -Using checker5 ... [sun.security.provider.certpath.PolicyChecker] certpath: PolicyChecker.checkPolicy() ---checking certificate policies... certpath: PolicyChecker.checkPolicy() certIndex = 1 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: explicitPolicy = 3 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: policyMapping = 3 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: inhibitAnyPolicy = 3 certpath: PolicyChecker.checkPolicy() BEFORE PROCESSING: policyTree = anyPolicy ROOT certpath: PolicyChecker.processPolicies() policiesCritical = false certpath: PolicyChecker.processPolicies() rejectPolicyQualifiers = true certpath: PolicyChecker.processPolicies() processing policy: 2.23.140.1.2.2 certpath: PolicyChecker.processParents(): matchAny = false certpath: PolicyChecker.processParents(): matchAny = true certpath: PolicyChecker.processParents() found parent: anyPolicy ROOT certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: explicitPolicy = 2 certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: policyMapping = 2 certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: inhibitAnyPolicy = 2 certpath: PolicyChecker.checkPolicy() AFTER PROCESSING: policyTree = anyPolicy ROOT 2.23.140.1.2.2 CRIT: false EP: 2.23.140.1.2.2 (1) certpath: PolicyChecker.checkPolicy() certificate policies verified certpath: -checker5 validation succeeded certpath: -Using checker6 ... [sun.security.provider.certpath.BasicChecker] certpath: ---checking validity:Fri Oct 22 07:00:35 GMT 2021... certpath: validity verified. certpath: ---checking subject/issuer name chaining... certpath: subject/issuer name chaining verified. certpath: ---checking signature... certpath: signature verified. certpath: BasicChecker.updateState issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM; subject: CN=DigiCert QuoVadis TLS ICA QV Root CA 1 G3, O="DigiCert, Inc", C=US; serial#: 229604793349650140650830802688948377399581155569 certpath: -checker6 validation succeeded certpath: -Using checker7 ... [sun.security.provider.certpath.CrlRevocationChecker] certpath: CrlRevocationChecker.verifyRevocationStatus() ---checking revocation status... certpath: DistributionPointFetcher.getCRLs: Checking CRLDPs for CN=DigiCert QuoVadis TLS ICA QV Root CA 1 G3, O="DigiCert, Inc", C=US certpath: Trying to fetch CRL from DP http://crl.quovadisglobal.com/qvrca1g3.crl certpath: CertStore URI:http://crl.quovadisglobal.com/qvrca1g3.crl certpath: Exception fetching CRL: java.io.IOException: Server returned HTTP response code: 502 for URL: http://crl.quovadisglobal.com/qvrca1g3.crl at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1715) at sun.security.provider.certpath.URICertStore.engineGetCRLs(URICertStore.java:427) at java.security.cert.CertStore.getCRLs(CertStore.java:181) at sun.security.provider.certpath.DistributionPointFetcher.getCRL(DistributionPointFetcher.java:282) at sun.security.provider.certpath.DistributionPointFetcher.getCRLs(DistributionPointFetcher.java:227) at sun.security.provider.certpath.DistributionPointFetcher.getCRLs(DistributionPointFetcher.java:156) at sun.security.provider.certpath.CrlRevocationChecker.verifyRevocationStatus(CrlRevocationChecker.java:335) at sun.security.provider.certpath.CrlRevocationChecker.verifyRevocationStatus(CrlRevocationChecker.java:270) at sun.security.provider.certpath.CrlRevocationChecker.check(CrlRevocationChecker.java:211) at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:133) at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:375) at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:193) at java.security.cert.CertPathValidator.validate(CertPathValidator.java:279) at ValidatePathWithParams.doCertPathValidate(ValidatePathWithParams.java:268) at ValidatePathWithParams.validate(ValidatePathWithParams.java:134) at RootCA1G3.runTest(QuoVadisCA.java:169) at QuoVadisCA.main(QuoVadisCA.java:35) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127) at java.lang.Thread.run(Thread.java:745) certpath: Returning 0 CRLs certpath: CrlRevocationChecker.verifyRevocationStatus() crls.size() = 0 certpath: CrlRevocationChecker.verifyRevocationStatus() approved crls.size() = 0 certpath: CrlRevocationChecker.verifyWithSeparateSigningKey() ---checking revocation status... certpath: CrlRevocationChecker.buildToNewKey() starting work certpath: CrlRevocationChecker.buildToNewKey() about to try build ... certpath: SunCertPathBuilder.engineBuild([ [ Trust Anchors: [[ Trusted CA cert: [ [ Version: V3 Subject: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 Key: Sun RSA public key, 4096 bits modulus: 655775895775617526454917202166845877898971172380096574027708125889948413811353726176004925862935288224846030718254836482640813693329057923697969271538313140218015869178833667875455570220944769061756577538580708090997230864651750202801494365971449490684949999038641340762278537632062729015133908889104515262586703992939030809659620187090006370352603622735718296887505352605779074746039663740740021478434526471741784117934612387829188089058987368376987974775468903659636930890191660126754972496210420148052354666679500597116741475263852651397627894195504424100619664611331889492784540838781304704273743642077207289262386626815498644374268922463521843043115663121226853149820112809641774187898364740162059033501495842219756807938163714451363995610280196085777589237954647813866380126116547877576992395419370960998307647750509962252223404945010391974334932635041427084606151214845277717064932938714190947575922072755801483695717783811668595418189247477065894071751146679095032661094173683098518477658231479739835919031527627994531060245721199429852842803412219555453190936662417281679057414936147298523075575226011414376399787230301552147038651684589377296957568328889587177284893711238940271756346683754018903331037884878204428884636499 public exponent: 65537 Validity: [From: Thu Jan 12 17:27:44 GMT 2012, To: Sun Jan 12 17:27:44 GMT 2042] Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM SerialNumber: [ 78585f2e ad2c194b e3370735 341328b5 96d46593] Certificate Extensions: 3 [1]: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] [2]: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ Key_CertSign Crl_Sign ] [3]: ObjectId: 2.5.29.14 Criticality=false SubjectKeyIdentifier [ KeyIdentifier [ 0000: A3 97 D6 F3 5E A2 10 E1 AB 45 9F 3C 17 64 3C EE ....^....E.<.d<. 0010: 01 70 9C CC .p.. ] ] ] Algorithm: [SHA256withRSA] Signature: 0000: 18 FA 5B 75 FC 3E 7A C7 5F 77 C7 CA DF CF 5F C3 ..[u.>z._w...._. 0010: 12 C4 40 5D D4 32 AA B8 6A D7 D5 15 15 46 98 23 ..@].2..j....F.# 0020: A5 E6 90 5B 18 99 4C E3 AD 42 A3 82 31 36 88 CD ...[..L..B..16.. 0030: E9 FB C4 04 96 48 8B 01 C7 8D 01 CF 5B 33 06 96 .....H......[3.. 0040: 46 66 74 1D 4F ED C1 B6 B9 B4 0D 61 CC 63 7E D7 Fft.O......a.c.. 0050: 2E 77 8C 96 1C 2A 23 68 6B 85 57 76 70 33 13 FE .w...*#hk.Wvp3.. 0060: E1 4F A6 23 77 18 FA 1A 8C E8 BD 65 C9 CF 3F F4 .O.#w......e..?. 0070: C9 17 DC EB C7 BC C0 04 2E 2D 46 2F 69 66 C3 1B .........-F/if.. 0080: 8F FE EC 3E D3 CA 94 BF 76 0A 25 0D A9 7B 02 1C ...>....v.%..... 0090: A9 D0 3B 5F 0B C0 81 3A 3D 64 E1 BF A7 2D 4E BD ..;_...:=d...-N. 00A0: 4D C4 D8 29 C6 22 18 D0 C5 AC 72 02 82 3F AA 3A M..)."....r..?.: 00B0: A2 3A 22 97 31 DD 08 63 C3 75 14 B9 60 28 2D 5B .:".1..c.u..`(-[ 00C0: 68 E0 16 A9 66 82 23 51 F5 EB 53 D8 31 9B 7B E9 h...f.#Q..S.1... 00D0: B7 9D 4B EB 88 16 CF F9 5D 38 8A 49 30 8F ED F1 ..K.....]8.I0... 00E0: EB 19 F4 77 1A 31 18 4D 67 54 6C 2F 6F 65 F9 DB ...w.1.MgTl/oe.. 00F0: 3D EC 21 EC 5E F4 F4 8B CA 60 65 54 D1 71 64 F4 =.!.^....`eT.qd. 0100: F9 A6 A3 81 33 36 33 71 F0 A4 78 5F 4E AD 83 21 ....363q..x_N..! 0110: DE 34 49 8D E8 59 AC 9D F2 76 5A 36 F2 13 F4 AF .4I..Y...vZ6.... 0120: E0 09 C7 61 2A 6C F7 E0 9D AE BB 86 4A 28 6F 2E ...a*l......J(o. 0130: EE B4 79 CD 90 33 C3 B3 76 FA F5 F0 6C 9D 01 90 ..y..3..v...l... 0140: FA 9E 90 F6 9C 72 CF 47 DA C3 1F E4 35 20 53 F2 .....r.G....5 S. 0150: 54 D1 DF 61 83 A6 02 E2 25 38 DE 85 32 2D 5E 73 T..a....%8..2-^s 0160: 90 52 5D 42 C4 CE 3D 4B E1 F9 19 84 1D D5 A2 50 .R]B..=K.......P 0170: CC 41 FB 41 14 C3 BD D6 C9 5A A3 63 66 02 80 BD .A.A.....Z.cf... 0180: 05 3A 3B 47 9C EC 00 26 4C F5 88 51 BF A8 23 7F .:;G...&L..Q..#. 0190: 18 07 B0 0B ED 8B 26 A1 64 D3 61 4A EB 5C 9F DE ......&.d.aJ.\\.. 01A0: B3 AF 67 03 B3 1F DD 6D 5D 69 68 69 AB 5E 3A EC ..g....m]ihi.^:. 01B0: 7C 69 BC C7 3B 85 4E 9E 15 B9 B4 15 4F C3 95 7A .i..;.N.....O..z 01C0: 58 D7 C9 6C E9 6C B9 F3 29 63 5E B4 2C F0 2D 3D X..l.l..)c^.,.-= 01D0: ED 5A 65 E0 A9 5B 40 C2 48 99 81 6D 9E 1F 06 2A .Ze..[@.H..m...* 01E0: 3C 12 B4 8B 0F 9B A2 24 F0 A6 8D D6 7A E0 4B B6 <......$....z.K. 01F0: 64 96 63 95 84 C2 4A CD 1C 2E 24 87 33 60 E5 C3 d.c...J...$.3`.. ] ] Initial Policy OIDs: any Validity Date: null Signature Provider: null Default Revocation Enabled: false Explicit Policy Required: false Policy Mapping Inhibited: false Any Policy Inhibited: false Policy Qualifiers Rejected: true Target Cert Constraints: RejectCertSelector: [ X509CertSelector: [ Subject: CN=QuoVadis Root CA 1 G3,O=QuoVadis Limited,C=BM matchAllSubjectAltNames flag: true Key Usage: KeyUsage [ Crl_Sign ] ][Sun RSA public key, 4096 bits modulus: 655775895775617526454917202166845877898971172380096574027708125889948413811353726176004925862935288224846030718254836482640813693329057923697969271538313140218015869178833667875455570220944769061756577538580708090997230864651750202801494365971449490684949999038641340762278537632062729015133908889104515262586703992939030809659620187090006370352603622735718296887505352605779074746039663740740021478434526471741784117934612387829188089058987368376987974775468903659636930890191660126754972496210420148052354666679500597116741475263852651397627894195504424100619664611331889492784540838781304704273743642077207289262386626815498644374268922463521843043115663121226853149820112809641774187898364740162059033501495842219756807938163714451363995610280196085777589237954647813866380126116547877576992395419370960998307647750509962252223404945010391974334932635041427084606151214845277717064932938714190947575922072755801483695717783811668595418189247477065894071751146679095032661094173683098518477658231479739835919031527627994531060245721199429852842803412219555453190936662417281679057414936147298523075575226011414376399787230301552147038651684589377296957568328889587177284893711238940271756346683754018903331037884878204428884636499 public exponent: 65537]] Certification Path Checkers: [[]] CertStores: [[java.security.cert.CertStore@63a7a517]] ] Maximum Path Length: 5 ] ) certpath: SunCertPathBuilder.buildForward()... certpath: SunCertPathBuilder.depthFirstSearchForward(CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM, State [ issuerDN of last cert: null traversedCACerts: 0 init: true keyParamsNeeded: false subjectNamesTraversed: []] ) certpath: ForwardBuilder.getMatchingCerts()... certpath: ForwardBuilder.getMatchingEECerts()... certpath: X509CertSelector.match(SN: 2837d5c3c2b57294becf99afe8bbdcd1bb0b20f1 Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Subject: CN=DigiCert QuoVadis TLS ICA QV Root CA 1 G3, O="DigiCert, Inc", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: X509CertSelector.match(SN: 2b9bf892d8abbde06c26d764263bfa8 Issuer: CN=DigiCert QuoVadis TLS ICA QV Root CA 1 G3, O="DigiCert, Inc", C=US Subject: CN=quovadis-root-ca-1-g3.chain-demos.digicert.com, O="DigiCert, Inc.", L=Lehi, ST=Utah, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: ForwardBuilder.getMatchingCACerts()... certpath: ForwardBuilder.getMatchingCACerts(): ca is target certpath: X509CertSelector.match(SN: 78585f2ead2c194be3370735341328b596d46593 Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Subject: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM) certpath: X509CertSelector.match returning: true certpath: RejectCertSelector.match: bad key certpath: X509CertSelector.match(SN: 2837d5c3c2b57294becf99afe8bbdcd1bb0b20f1 Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Subject: CN=DigiCert QuoVadis TLS ICA QV Root CA 1 G3, O="DigiCert, Inc", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: X509CertSelector.match(SN: 2b9bf892d8abbde06c26d764263bfa8 Issuer: CN=DigiCert QuoVadis TLS ICA QV Root CA 1 G3, O="DigiCert, Inc", C=US Subject: CN=quovadis-root-ca-1-g3.chain-demos.digicert.com, O="DigiCert, Inc.", L=Lehi, ST=Utah, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: ForwardBuilder.getMatchingCACerts: found 0 CA certs certpath: SunCertPathBuilder.depthFirstSearchForward(): certs.size=0 certpath: SunCertPathBuilder.engineBuild: 2nd pass certpath: SunCertPathBuilder.buildForward()... certpath: SunCertPathBuilder.depthFirstSearchForward(CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM, State [ issuerDN of last cert: null traversedCACerts: 0 init: true keyParamsNeeded: false subjectNamesTraversed: []] ) certpath: ForwardBuilder.getMatchingCerts()... certpath: ForwardBuilder.getMatchingEECerts()... certpath: X509CertSelector.match(SN: 2837d5c3c2b57294becf99afe8bbdcd1bb0b20f1 Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Subject: CN=DigiCert QuoVadis TLS ICA QV Root CA 1 G3, O="DigiCert, Inc", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: X509CertSelector.match(SN: 2b9bf892d8abbde06c26d764263bfa8 Issuer: CN=DigiCert QuoVadis TLS ICA QV Root CA 1 G3, O="DigiCert, Inc", C=US Subject: CN=quovadis-root-ca-1-g3.chain-demos.digicert.com, O="DigiCert, Inc.", L=Lehi, ST=Utah, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: ForwardBuilder.getMatchingCACerts()... certpath: ForwardBuilder.getMatchingCACerts(): ca is target certpath: X509CertSelector.match(SN: 78585f2ead2c194be3370735341328b596d46593 Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Subject: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM) certpath: X509CertSelector.match returning: true certpath: RejectCertSelector.match: bad key certpath: X509CertSelector.match(SN: 2837d5c3c2b57294becf99afe8bbdcd1bb0b20f1 Issuer: CN=QuoVadis Root CA 1 G3, O=QuoVadis Limited, C=BM Subject: CN=DigiCert QuoVadis TLS ICA QV Root CA 1 G3, O="DigiCert, Inc", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: X509CertSelector.match(SN: 2b9bf892d8abbde06c26d764263bfa8 Issuer: CN=DigiCert QuoVadis TLS ICA QV Root CA 1 G3, O="DigiCert, Inc", C=US Subject: CN=quovadis-root-ca-1-g3.chain-demos.digicert.com, O="DigiCert, Inc.", L=Lehi, ST=Utah, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: ForwardBuilder.getMatchingCACerts: found 0 CA certs certpath: SunCertPathBuilder.depthFirstSearchForward(): certs.size=0 certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 23456 Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 401ac46421b31321030ebbe4121ac51d Issuer: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Subject: CN=VeriSign Universal Root Certification Authority, OU="(c) 2008 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 3cb2f4480a00e2feeb243b5e603ec36b Issuer: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Subject: CN=GeoTrust Primary Certification Authority - G2, OU=(c) 2007 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 570a119742c4e3cc Issuer: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT Subject: CN=Actalis Authentication Root CA, O=Actalis S.p.A./03358520967, L=Milan, C=IT) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 10020 Issuer: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL Subject: CN=Certum CA, O=Unizeto Sp. z o.o., C=PL) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 444c0 Issuer: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL Subject: CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 1 Issuer: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Subject: CN=T-TeleSec GlobalRoot Class 2, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 2 Issuer: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO Subject: CN=Buypass Class 2 Root CA, O=Buypass AS-983163327, C=NO) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 8210cfb0d240e3594463e0bb63828b00 Issuer: CN=ISRG Root X1, O=Internet Security Research Group, C=US Subject: CN=ISRG Root X1, O=Internet Security Research Group, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 0 Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 9b7e0649a33e62b9d5ee90487129ef57 Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 18acb56afd69b6153a636cafdafac4a1 Issuer: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US Subject: CN=GeoTrust Primary Certification Authority, O=GeoTrust Inc., C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 0 Issuer: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP Subject: OU=Security Communication RootCA2, O="SECOM Trust Systems CO.,LTD.", C=JP) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 6d8c1446b1a60aee Issuer: CN=AffirmTrust Premium, O=AffirmTrust, C=US Subject: CN=AffirmTrust Premium, O=AffirmTrust, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 4000000000121585308a2 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3 Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 1 Issuer: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE Subject: CN=T-TeleSec GlobalRoot Class 3, OU=T-Systems Trust Center, O=T-Systems Enterprise Services GmbH, C=DE) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 83be056904246b1a1756ac95991c74a Issuer: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Subject: CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 509 Issuer: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM Subject: CN=QuoVadis Root CA 2, O=QuoVadis Limited, C=BM) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: ba15afa1ddfa0b54944afcd24a06cec Issuer: CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Subject: CN=DigiCert Assured ID Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 4f1bd42f54bb2f4b Issuer: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH Subject: CN=SwissSign Silver CA - G2, O=SwissSign AG, C=CH) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: a7ea6df4b449eda6a24859ee6b815d3167fbbb1 Issuer: CN=LuxTrust Global Root 2, O=LuxTrust S.A., C=LU Subject: CN=LuxTrust Global Root 2, O=LuxTrust S.A., C=LU) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 0 Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: bb401c43f55e4fb0 Issuer: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH Subject: CN=SwissSign Gold CA - G2, O=SwissSign AG, C=CH) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 445734245b81899b35f2ceb82b3b5ba726f07528 Issuer: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM Subject: CN=QuoVadis Root CA 2 G3, O=QuoVadis Limited, C=BM) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 0 Issuer: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR Subject: CN=Hellenic Academic and Research Institutions ECC RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 2ef59b0228a7db7affd5a3a9eebd03a0cf126a1d Issuer: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM Subject: CN=QuoVadis Root CA 3 G3, O=QuoVadis Limited, C=BM) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 56b629cd34bc78f6 Issuer: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US Subject: CN=SSL.com EV Root Certification Authority RSA R2, O=SSL Corporation, L=Houston, ST=Texas, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 1f47afaa62007050544c019e9b63992a Issuer: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Subject: CN=COMODO ECC Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 59b1b579e8e2132e23907bda777755c Issuer: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US Subject: CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 33af1e6a711a9a0bb2864b11d09fae5 Issuer: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US Subject: CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 0 Issuer: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP Subject: OU=Security Communication RootCA1, O=SECOM Trust.net, C=JP) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 983f4 Issuer: CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE Subject: CN=D-TRUST Root Class 3 CA 2 EV 2009, O=D-Trust GmbH, C=DE) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: bb8 Issuer: CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU Subject: CN=LuxTrust Global Root, O=LuxTrust s.a., C=LU) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: a68b79290000000050d091f9 Issuer: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US Subject: CN=Entrust Root Certification Authority - EC1, OU="(c) 2012 Entrust, Inc. - for authorized use only", OU=See www.entrust.net/legal-terms, O="Entrust, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 1fd6d30fca3ca51a81bbc640e35032d Issuer: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Subject: CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 15ac6e9419b2794b41f627a9c3180f1f Issuer: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US Subject: CN=GeoTrust Primary Certification Authority - G3, OU=(c) 2008 GeoTrust Inc. - For authorized use only, O=GeoTrust Inc., C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: cf08e5c0816a5ad427ff0eb271859d0 Issuer: CN=SecureTrust CA, O=SecureTrust Corporation, C=US Subject: CN=SecureTrust CA, O=SecureTrust Corporation, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 66c9fd7c1bb104c2943e5717b7b2cc81ac10e Issuer: CN=Amazon Root CA 4, O=Amazon, C=US Subject: CN=Amazon Root CA 4, O=Amazon, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 40000000001154b5ac394 Issuer: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE Subject: CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 0 Issuer: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR Subject: CN=Hellenic Academic and Research Institutions RootCA 2015, O=Hellenic Academic and Research Institutions Cert. Authority, L=Athens, C=GR) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 983f3 Issuer: CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE Subject: CN=D-TRUST Root Class 3 CA 2 2009, O=D-Trust GmbH, C=DE) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 0 Issuer: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US Subject: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 456b5054 Issuer: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US Subject: CN=Entrust Root Certification Authority, OU="(c) 2006 Entrust, Inc.", OU=www.entrust.net/CPS is incorporated by reference, O="Entrust, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 4eb200670c035d4f Issuer: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 2ac5c266a0b409b8f0b79f2ae462577 Issuer: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US Subject: CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 5c8b99c55a94c5d27156decd8980cc26 Issuer: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US Subject: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 1 Issuer: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB Subject: CN=AAA Certificate Services, O=Comodo CA Limited, L=Salford, ST=Greater Manchester, C=GB) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 7777062726a9b17c Issuer: CN=AffirmTrust Commercial, O=AffirmTrust, C=US Subject: CN=AffirmTrust Commercial, O=AffirmTrust, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: a3da427ea4b1aeda Issuer: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU Subject: CN=Chambers of Commerce Root - 2008, O=AC Camerfirma S.A., SERIALNUMBER=A82743287, L=Madrid (see current address at www.camerfirma.com/address), C=EU) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 44be0c8b500024b411d3362de0b35f1b Issuer: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US Subject: CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, ST=UT, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 50946cec18ead59c4dd597ef758fa0ad Issuer: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US Subject: CN=XRamp Global Certification Authority, O=XRamp Security Services Inc, OU=www.xrampsecurity.com, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 1e9e28e848f2e5efc37c4a1e5a1867b6 Issuer: CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch Subject: CN=Swisscom Root CA 2, OU=Digital Certificate Services, O=Swisscom, C=ch) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 20000b9 Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 2a38a41c960a04de42b228a50be8349802 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4 Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign ECC Root CA - R4) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 35fc265cd9844fc93d263d579baed756 Issuer: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US Subject: CN=thawte Primary Root CA - G2, OU="(c) 2007 thawte, Inc. - For authorized use only", O="thawte, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 66c9fd29635869f0a0fe58678f85b26bb8a37 Issuer: CN=Amazon Root CA 2, O=Amazon, C=US Subject: CN=Amazon Root CA 2, O=Amazon, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 95be16a0f72e46f17b398272fa8bcd96 Issuer: CN=TeliaSonera Root CA v1, O=TeliaSonera Subject: CN=TeliaSonera Root CA v1, O=TeliaSonera) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 55556bcf25ea43535c3a40fd5ab4572 Issuer: CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US Subject: CN=DigiCert Global Root G3, OU=www.digicert.com, O=DigiCert Inc, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 4caaf9cadb636fe01ff74ed85b03869d Issuer: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB Subject: CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 7c4f04391cd4992d Issuer: CN=AffirmTrust Networking, O=AffirmTrust, C=US Subject: CN=AffirmTrust Networking, O=AffirmTrust, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 7b2c9bd316803299 Issuer: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US Subject: CN=SSL.com Root Certification Authority RSA, O=SSL Corporation, L=Houston, ST=Texas, C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 1 Issuer: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE Subject: CN=AddTrust Qualified CA Root, OU=AddTrust TTP Network, O=AddTrust AB, C=SE) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 45e6bb038333c3856548e6ff4551 Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R6 Subject: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R6) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 2f80fe238c0e220f486712289187acb3 Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G4, OU="(c) 2007 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert certpath: PKIXCertPathValidator.engineValidate() anchor.getTrustedCert() != null certpath: PKIXCertPathValidator.isWorthTrying() checking if this trusted cert is worth trying ... certpath: X509CertSelector.match(SN: 2 Issuer: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO Subject: CN=Buypass Class 3 Root CA, O=Buypass AS-983163327, C=NO) certpath: X509CertSelector.match: subject DNs don't match certpath: NO - don't try this trustedCert java.lang.RuntimeException: TEST FAILED: couldn't determine EE certificate status at ValidatePathWithParams.validate(ValidatePathWithParams.java:163) at RootCA1G3.runTest(QuoVadisCA.java:169) at QuoVadisCA.main(QuoVadisCA.java:35) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at com.sun.javatest.regtest.agent.MainWrapper$MainThread.run(MainWrapper.java:127) at java.lang.Thread.run(Thread.java:745) JavaTest Message: Test threw exception: java.lang.RuntimeException: TEST FAILED: couldn't determine EE certificate status JavaTest Message: shutting down test STATUS:Failed.`main' threw exception: java.lang.RuntimeException: TEST FAILED: couldn't determine EE certificate status ----------rerun:(30/2386)*---------- cd /opt/jpgansible/sandbox/results/workDir/closed/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA && \\ DISPLAY=:0 \\ HOME=/opt/jpgansible \\ JTREG_COF=false \\ JTREG_HOME=/opt/jpgansible/CommonData/jtreg_dir \\ JTREG_OPTS='-vmoption:-Xmx768M -javaoption:-Xmixed -javaoption:-server -javaoption:-d64 -javaoption:-Djavatest.maxOutputSize=2147483647 '-k:!ignore' -timeout:3 -J-Djavatest.script.jtrIfPassed=false -verbose:time -othervm -conc:1 -vmoptions:'-XX:MaxRAMFraction=2'' \\ LANG=C \\ PATH=/bin:/usr/bin \\ CLASSPATH=/opt/jpgansible/sandbox/results/workDir/classes/closed/security/infra/java/security/cert/CertPathValidator/certification:/opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification:/opt/jpgansible/CommonData/jdk/lib/tools.jar:/opt/jpgansible/CommonData/jtreg_dir/lib/javatest.jar:/opt/jpgansible/CommonData/jtreg_dir/lib/jtreg.jar \\ /opt/jpgansible/CommonData/jdk/bin/java \\ -Dtest.src=/opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification \\ -Dtest.src.path=/opt/jpgansible/CommonData/baseoftests/jdk/test/closed/security/infra/java/security/cert/CertPathValidator/certification \\ -Dtest.classes=/opt/jpgansible/sandbox/results/workDir/classes/closed/security/infra/java/security/cert/CertPathValidator/certification \\ -Dtest.class.path=/opt/jpgansible/sandbox/results/workDir/classes/closed/security/infra/java/security/cert/CertPathValidator/certification \\ -Dtest.vm.opts='-d64 -Xmx768M -XX:MaxRAMFraction=2' \\ -Dtest.tool.vm.opts='-J-d64 -J-Xmx768M -J-XX:MaxRAMFraction=2' \\ -Dtest.compiler.opts= \\ -Dtest.java.opts='-Xmixed -server -d64 -Djavatest.maxOutputSize=2147483647' \\ -Dtest.jdk=/opt/jpgansible/CommonData/jdk \\ -Dcompile.jdk=/opt/jpgansible/CommonData/jdk \\ -Dtest.timeout.factor=3.0 \\ -d64 \\ -Xmx768M \\ -XX:MaxRAMFraction=2 \\ -Xmixed \\ -server \\ -d64 \\ -Djavatest.maxOutputSize=2147483647 \\ -Djava.security.debug=certpath \\ com.sun.javatest.regtest.agent.MainWrapper /opt/jpgansible/sandbox/results/workDir/closed/security/infra/java/security/cert/CertPathValidator/certification/QuoVadisCA.d/main.1.jta CRL result: Failed. Execution failed: `main' threw exception: java.lang.RuntimeException: TEST FAILED: couldn't determine EE certificate status test result: Failed. Execution failed: `main' threw exception: java.lang.RuntimeException: TEST FAILED: couldn't determine EE certificate status