I'm getting this error along with a "KeyUsage does not allow digital signatures" error.
CWPKI0022E: SSL HANDSHAKE FAILURE: A signer with SubjectDN "CN=myservice.com, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com" was sent from target host:port "127.0.0.1:8888". The signer may need to be added to local trust store "C:/Program Files (x86)/IBM/WebSphere/AppServer/profiles/AppSrv01/config/cells/MYNode01Cell/nodes/MYNode01/trust.p12" located in SSL configuration alias "NodeDefaultSSLSettings" loaded from SSL configuration file "security.xml". The extended error message from the SSL handshake exception is: "KeyUsage does not allow digital signatures".
As you can see, I've already added the Fiddler and myservice.com certs to my trust.p12 that's shown in the above error. However, I think it's looking for the cert Fiddler created for myservice.com. I don't know where that cert is or why I would need to add it.
$ keytool -list -v -keystore trust.p12
Enter keystore password: WebAS
Keystore type: PKCS12
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: fiddlernew
Creation date: Sep 11, 2019
Entry type: trustedCertEntry
Owner: CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com
Issuer: CN=DO_NOT_TRUST_FiddlerRoot, O=DO_NOT_TRUST, OU=Created by http://www.fiddler2.com
Serial number: 414c37d1e9259bb6431f9bd685b66439
Valid from: Sun Sep 09 06:28:18 EDT 2018 until: Sun Sep 08 06:28:18 EDT 2024
Certificate fingerprints:
MD5: 23:46:FD:3B:30:16:9D:98:68:2A:8B:64:6C:32:CA:A7
SHA1: 23:B0:43:DF:37:1A:C7:2E:BB:D4:47:A1:ED:24:86:9B:1F:CA:04:6A
SHA256: EB:39:30:D0:31:41:3F:28:DE:2F:B2:1A:A7:87:E0:99:A7:D4:9D:EB:A2:24:65:B5:26:EA:38:3A:AD:43:66:43
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
Extensions:
#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
#2: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
serverAuth
]
#3: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
#4: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 6B 59 E5 48 17 90 8D A8 69 20 C2 A3 9C 79 1E 9F kY.H....i ...y..
0010: 9E A9 7F 8D ....
]
]
*******************************************
*******************************************
Alias name: myservice
Creation date: Sep 11, 2019
Entry type: trustedCertEntry
Owner: CN=myservice.com......the rest of my myservice.com ...
I'm trying different ciphers now in case it's a cipher issue instead of a cert one. I was able to run my app and hit myservice.com fine; the requests just weren't showing in Fiddler. But now the requests don't complete.