Gazelle Security Suite

Permanent link

https://validation.sequoiaproject.org/gss/details/connection.seam?id=3803408

Connection date

7/3/25 4:07:12 PM (EDT GMT-0400)

SUT address

qhin.careconnect-qa.netsmartexchange.com:443

Simulator address

147.135.50.11:54414

Simulator keyword

QHIN Testing TLS Simulator 2024

Simulator certificate

C=US,ST=Virginia,O=The Sequoia Project\, Inc.,OU=RCE-TEST,CN=validation.sequoiaproject.org

Handshake success

Protocol

Cipher suite

Error message

result=FAILED
errors list :
PKIX validation (CN=qhin.careconnect-qa.netsmartexchange.com, OU=RCE-TEST,
O="Netsmart Technologies, Inc.", ST=Kansas, C=US) : The certificate signature
is invalid. A java.security.SignatureException occurred. Cause: Signature does
not match. (PKIX)
PKIX validation (CN=qhin.careconnect-qa.netsmartexchange.com, OU=RCE-TEST,
O="Netsmart Technologies, Inc.", ST=Kansas, C=US) : CRL checking failed: issuer
certificate does not permit CRL signing. (PKIX)
PKIX validation (CN=qhin.careconnect-qa.netsmartexchange.com, OU=RCE-TEST,
O="Netsmart Technologies, Inc.", ST=Kansas, C=US) : Issuer of certificate is
not valid. Expected
CN=qhin.careconnect-qa.netsmartexchange.com,OU=RCE-TEST,O=Netsmart
Technologies\, Inc.,ST=Kansas,C=US, but found CN=EMR Direct Test Device
SubCA2,OU=Certification Authority (certs.emrdirect.com),O=EMR Direct,L=San
Diego,ST=California,C=US. (PKIX)
PKIX validation (CN=qhin.careconnect-qa.netsmartexchange.com, OU=RCE-TEST,
O="Netsmart Technologies, Inc.", ST=Kansas, C=US) : The certificate is no CA
certificate but used as one. (PKIX)
PKIX validation (CN=qhin.careconnect-qa.netsmartexchange.com, OU=RCE-TEST,
O="Netsmart Technologies, Inc.", ST=Kansas, C=US) : The key usage constraint
does not allow the use of this certificate key for signing certificates. (PKIX)

Error stack trace

javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1494)
at
        sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:509)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:780)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:744)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1212)
at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:910)
at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDe-
        coder.java:425)
at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(Fr-
        ameDecoder.java:310)
at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream-
        (SimpleChannelUpstreamHandler.java:70)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(Default-
        ChannelPipeline.java:560)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(Default-
        ChannelPipeline.java:555)
at
        org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268)
at
        org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255)
at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:88)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.process(Abstra-
        ctNioWorker.java:107)
at org.jboss.netty.channel.socket.nio.AbstractNioSelector.run(Abstract-
        NioSelector.java:312)
at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNi-
        oWorker.java:88)
at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:178)
at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunna-
        ble.java:108)
at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockPro-
        ofWorker.java:42)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecuto-
        r.java:1152)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecut-
        or.java:622)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1672)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:301)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:293)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshake-
        r.java:1598)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.j-
        ava:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1011)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:935)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:933)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1432)
at org.jboss.netty.handler.ssl.SslHandler$4.run(SslHandler.java:1348)
at org.jboss.netty.handler.ssl.ImmediateExecutor.execute(ImmediateExec-
        utor.java:31)
at org.jboss.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler-
        .java:1345)
at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1232)
... 18 more
Caused by: java.security.cert.CertificateException: result=FAILED
errors list :
PKIX validation (CN=qhin.careconnect-qa.netsmartexchange.com, OU=RCE-TEST,
O="Netsmart Technologies, Inc.", ST=Kansas, C=US) : The certificate signature
is invalid. A java.security.SignatureException occurred. Cause: Signature does
not match. (PKIX)
PKIX validation (CN=qhin.careconnect-qa.netsmartexchange.com, OU=RCE-TEST,
O="Netsmart Technologies, Inc.", ST=Kansas, C=US) : CRL checking failed: issuer
certificate does not permit CRL signing. (PKIX)
PKIX validation (CN=qhin.careconnect-qa.netsmartexchange.com, OU=RCE-TEST,
O="Netsmart Technologies, Inc.", ST=Kansas, C=US) : Issuer of certificate is
not valid. Expected
CN=qhin.careconnect-qa.netsmartexchange.com,OU=RCE-TEST,O=Netsmart
Technologies\, Inc.,ST=Kansas,C=US, but found CN=EMR Direct Test Device
SubCA2,OU=Certification Authority (certs.emrdirect.com),O=EMR Direct,L=San
Diego,ST=California,C=US. (PKIX)
PKIX validation (CN=qhin.careconnect-qa.netsmartexchange.com, OU=RCE-TEST,
O="Netsmart Technologies, Inc.", ST=Kansas, C=US) : The certificate is no CA
certificate but used as one. (PKIX)
PKIX validation (CN=qhin.careconnect-qa.netsmartexchange.com, OU=RCE-TEST,
O="Netsmart Technologies, Inc.", ST=Kansas, C=US) : The key usage constraint
does not allow the use of this certificate key for signing certificates. (PKIX)

at net.ihe.gazelle.simulators.tls.common.TestTrustManager.checkServerT-
        rusted(TestTrustManager.java:58)
at sun.security.ssl.AbstractTrustManagerWrapper.checkServerTrusted(SSL-
        ContextImpl.java:1100)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshake-
        r.java:1585)
... 28 more

TLS/SSL events

Date

07/03/2025 20:07:12.087

Type

CHECK_TRUSTED_SERVER

Details

Details

result=FAILED errors list : PKIX validation (CN=qhin.careconnect-qa.netsmartexchange.com, OU=RCE-TEST, O="Netsmart Technologies, Inc.", ST=Kansas, C=US) : The certificate signature is invalid. A java.security.SignatureException occurred. Cause: Signature does not match. (PKIX) PKIX validation (CN=qhin.careconnect-qa.netsmartexchange.com, OU=RCE-TEST, O="Netsmart Technologies, Inc.", ST=Kansas, C=US) : CRL checking failed: issuer certificate does not permit CRL signing. (PKIX) PKIX validation (CN=qhin.careconnect-qa.netsmartexchange.com, OU=RCE-TEST, O="Netsmart Technologies, Inc.", ST=Kansas, C=US) : Issuer of certificate is not valid. Expected CN=qhin.careconnect-qa.netsmartexchange.com,OU=RCE-TEST,O=Netsmart Technologies\, Inc.,ST=Kansas,C=US, but found CN=EMR Direct Test Device SubCA2,OU=Certification Authority (certs.emrdirect.com),O=EMR Direct,L=San Diego,ST=California,C=US. (PKIX) PKIX validation (CN=qhin.careconnect-qa.netsmartexchange.com, OU=RCE-TEST, O="Netsmart Technologies, Inc.", ST=Kansas, C=US) : The certificate is no CA certificate but used as one. (PKIX) PKIX validation (CN=qhin.careconnect-qa.netsmartexchange.com, OU=RCE-TEST, O="Netsmart Technologies, Inc.", ST=Kansas, C=US) : The key usage constraint does not allow the use of this certificate key for signing certificates. (PKIX)

CN=qhin.careconnect-qa.netsmartexchange.com, OU=RCE-TEST, O="Netsmart Technologies, Inc.", ST=Kansas, C=US
[
[
  Version: V3
  Subject: CN=qhin.careconnect-qa.netsmartexchange.com, OU=RCE-TEST,
  O="Netsmart Technologies, Inc.", ST=Kansas, C=US
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 2227431005404857786277965145177388668031508632599426736352179599969-
  0696164575642945771010187817214062997924950521186944619497677435905901447319-
  8019837141617248789190470440694527457713602970232156608164012263082355064227-
  1745014996013152938767740024029496255886617699595018075426759463756677373405-
  2066608698300726639679380511973787268557246723118177367700286666863462735580-
  2894867014093538857489111331479884840190536785567919244167029163406416665291-
  0972395070010205187808328249962698133967047201596041702360633133904713545939-
  8445180065791152660604208895297141925756786303435169963352576221810827276506-
  842084450018254191
  public exponent: 65537
  Validity: [From: Wed Feb 26 15:06:39 EST 2025,
               To: Thu Feb 26 15:06:39 EST 2026]
  Issuer: CN=EMR Direct Test Device SubCA2, OU=Certification Authority
  (certs.emrdirect.com), O=EMR Direct, L=San Diego, ST=California, C=US
  SerialNumber: [    1ac12b1b 0f2be111]

Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: caIssuers
   accessLocation: URIName:
   http://certs.emrdirect.com/certs/EMRDirectTestDeviceSubCA2.crt
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: B0 0B 58 3B C5 93 AD C6   6F 65 5D 11 C0 12 AD 5A  ..X;....oe]....Z
0010: DC 87 86 35                                        ...5
]
]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://certs.emrdirect.com/crl/EMRDirectTestDeviceSubCA2.crl]
]]

[5]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[7]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: qhin.careconnect-qa.netsmartexchange.com
]

[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 49 FE 70 5A 2E C6 A4 90   2D 3A 64 13 57 54 8F 11  I.pZ....-:d.WT..
0010: 7D 69 92 05                                        .i..
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: CF 67 9E 74 5E FF 31 04   5D 0A 80 F1 B1 9D 56 39  .g.t^.1.].....V9
0010: 49 47 C6 98 2D DF 9E 53   D2 B9 C4 6C 4E CA 99 14  IG..-..S...lN...
0020: DF 3A B5 BD D3 DF 77 DB   3E 71 06 08 D0 AE 6C 39  .:....w.>q....l9
0030: 62 90 61 FA B3 4C 06 1D   2E 78 E9 6F E6 67 50 13  b.a..L...x.o.gP.
0040: F7 97 71 B0 B4 1F B3 86   22 45 71 68 BE EA 4C D5  ..q....."Eqh..L.
0050: E6 08 9B B1 79 E0 7D 47   44 05 13 DC E3 E2 F2 A6  ....y..GD.......
0060: E7 EC 10 CF 31 9C B8 32   F5 30 85 88 01 9D C7 CB  ....1..2.0......
0070: FB CC A4 62 16 D2 FF 8F   EA 7D F4 C6 11 70 95 74  ...b.........p.t
0080: 4B F7 3F 8A 9B 10 D7 D6   9E C3 2D 99 A8 A0 3F CE  K.?.......-...?.
0090: 66 9C D8 17 AC EF D8 E6   74 9A 61 C6 F1 1D 1B BC  f.......t.a.....
00A0: 88 7D A8 07 10 3D 87 64   5B A5 E2 1B 86 EE 6C CA  .....=.d[.....l.
00B0: FE EF 0D 9E BD C9 C0 01   F2 05 7A AF 69 2F 69 22  ..........z.i/i"
00C0: 4E 8C 52 B2 36 1F F6 2A   87 2C 7B 63 49 D8 29 64  N.R.6..*.,.cI.)d
00D0: 5E DA 1F AA 8C C4 07 BB   11 7F BB 40 A1 FA 9E 56  ^..........@...V
00E0: A3 3B A3 A0 F5 9F F2 A4   5B 05 D9 28 25 98 B0 52  .;......[..(%..R
00F0: EE 77 5E 9F 99 24 8B 58   D9 EA 37 04 64 72 01 33  .w^..$.X..7.dr.3

]
CN=qhin.careconnect-qa.netsmartexchange.com, OU=RCE-TEST, O="Netsmart Technologies, Inc.", ST=Kansas, C=US
[
[
  Version: V3
  Subject: CN=qhin.careconnect-qa.netsmartexchange.com, OU=RCE-TEST,
  O="Netsmart Technologies, Inc.", ST=Kansas, C=US
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 2227431005404857786277965145177388668031508632599426736352179599969-
  0696164575642945771010187817214062997924950521186944619497677435905901447319-
  8019837141617248789190470440694527457713602970232156608164012263082355064227-
  1745014996013152938767740024029496255886617699595018075426759463756677373405-
  2066608698300726639679380511973787268557246723118177367700286666863462735580-
  2894867014093538857489111331479884840190536785567919244167029163406416665291-
  0972395070010205187808328249962698133967047201596041702360633133904713545939-
  8445180065791152660604208895297141925756786303435169963352576221810827276506-
  842084450018254191
  public exponent: 65537
  Validity: [From: Wed Feb 26 15:06:39 EST 2025,
               To: Thu Feb 26 15:06:39 EST 2026]
  Issuer: CN=EMR Direct Test Device SubCA2, OU=Certification Authority
  (certs.emrdirect.com), O=EMR Direct, L=San Diego, ST=California, C=US
  SerialNumber: [    1ac12b1b 0f2be111]

Certificate Extensions: 8
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: caIssuers
   accessLocation: URIName:
   http://certs.emrdirect.com/certs/EMRDirectTestDeviceSubCA2.crt
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: B0 0B 58 3B C5 93 AD C6   6F 65 5D 11 C0 12 AD 5A  ..X;....oe]....Z
0010: DC 87 86 35                                        ...5
]
]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://certs.emrdirect.com/crl/EMRDirectTestDeviceSubCA2.crl]
]]

[5]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[7]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: qhin.careconnect-qa.netsmartexchange.com
]

[8]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 49 FE 70 5A 2E C6 A4 90   2D 3A 64 13 57 54 8F 11  I.pZ....-:d.WT..
0010: 7D 69 92 05                                        .i..
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: CF 67 9E 74 5E FF 31 04   5D 0A 80 F1 B1 9D 56 39  .g.t^.1.].....V9
0010: 49 47 C6 98 2D DF 9E 53   D2 B9 C4 6C 4E CA 99 14  IG..-..S...lN...
0020: DF 3A B5 BD D3 DF 77 DB   3E 71 06 08 D0 AE 6C 39  .:....w.>q....l9
0030: 62 90 61 FA B3 4C 06 1D   2E 78 E9 6F E6 67 50 13  b.a..L...x.o.gP.
0040: F7 97 71 B0 B4 1F B3 86   22 45 71 68 BE EA 4C D5  ..q....."Eqh..L.
0050: E6 08 9B B1 79 E0 7D 47   44 05 13 DC E3 E2 F2 A6  ....y..GD.......
0060: E7 EC 10 CF 31 9C B8 32   F5 30 85 88 01 9D C7 CB  ....1..2.0......
0070: FB CC A4 62 16 D2 FF 8F   EA 7D F4 C6 11 70 95 74  ...b.........p.t
0080: 4B F7 3F 8A 9B 10 D7 D6   9E C3 2D 99 A8 A0 3F CE  K.?.......-...?.
0090: 66 9C D8 17 AC EF D8 E6   74 9A 61 C6 F1 1D 1B BC  f.......t.a.....
00A0: 88 7D A8 07 10 3D 87 64   5B A5 E2 1B 86 EE 6C CA  .....=.d[.....l.
00B0: FE EF 0D 9E BD C9 C0 01   F2 05 7A AF 69 2F 69 22  ..........z.i/i"
00C0: 4E 8C 52 B2 36 1F F6 2A   87 2C 7B 63 49 D8 29 64  N.R.6..*.,.cI.)d
00D0: 5E DA 1F AA 8C C4 07 BB   11 7F BB 40 A1 FA 9E 56  ^..........@...V
00E0: A3 3B A3 A0 F5 9F F2 A4   5B 05 D9 28 25 98 B0 52  .;......[..(%..R
00F0: EE 77 5E 9F 99 24 8B 58   D9 EA 37 04 64 72 01 33  .w^..$.X..7.dr.3

]

Connection Id	Index	Details	Date	Time (µs)	From	To	Proxy	Info
Number of results per page :
2516	1	Details	7/3/25 4:07:11 PM (EDT GMT-0400)	773698	127.0.0.1 : 48498	3.13.166.236 : 443	1025	application/soap+xml

TLS/SSL connection

Connection details

Error stack trace

Details

Intercepted messages