by Tim McClure [tim dot mcclure at ge dot com] posted on 2003/12/16

When I run the sample WebServer with my own certificate, my Java client produces the following trace of the SSL handshake:
org.apache.xmlrpc.SecureXmlRpcClientLite https://ppmerlin:8081 test 1
keyStore is :
keyStore type is : jks
init keystore
init keymanager of type SunX509
trustStore is: c:\ssl\server.trust
trustStore type is : jks
init truststore
adding as trusted cert: [
[
Version: V3
Subject: CN=ppmerlin
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffebd
Validity: [From: Tue Dec 16 11:21:05 EST 2003,
To: Sat Dec 31 18:59:59 EST 2039]
Issuer: CN=ppmerlin
SerialNumber: [ 2f4a3ba6 025f92b9 44e81508 70ae93ee]
Certificate Extensions: 2
[1]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1]]
[2]: ObjectId: 2.5.29.1 Criticality=false
Extension unknown: DER encoded OCTET string =
]
Algorithm: [MD5withRSA]
Signature:
]
adding as trusted cert: [
[
Version: V3
Subject: CN=BCTCLIENT3, OU=foo, O=foo, L=foo, ST=foo, C=us
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffff9fe
Validity: [From: Mon Dec 15 15:31:10 EST 2003,
To: Sun Dec 15 15:31:10 EST 2013]
Issuer: CN=BCTCLIENT3, OU=foo, O=foo, L=foo, ST=foo, C=us
SerialNumber: [ 3fde1a0e]
]
Algorithm: [MD5withRSA]
Signature:
]
init context
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1054820132 bytes = { 46, 165, 158, 79, 86, 66, 68, 3, 73, 75, 204, 157, 142, 90, 222, 25, 216, 11, 101, 172, 45, 129, 9, 196, 26, 238, 71, 23 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 45
0000: 01 00 00 29 03 01 3F DF 47 24 2E A5 9E 4F 56 42 ...)..?.G$...OVB
0010: 44 03 49 4B CC 9D 8E 5A DE 19 D8 0B 65 AC 2D 81 D.IK...Z....e.-.
0020: 09 C4 1A EE 47 17 00 00 02 00 0A 01 00 ....G........
main, WRITE: TLSv1 Handshake, length = 45
[write] MD5 and SHA1 hashes: len = 47
0000: 01 03 01 00 06 00 00 00 20 00 00 0A 07 00 C0 3F ........ ......?
0010: DF 47 24 2E A5 9E 4F 56 42 44 03 49 4B CC 9D 8E .G$...OVBD.IK...
0020: 5A DE 19 D8 0B 65 AC 2D 81 09 C4 1A EE 47 17 Z....e.-.....G.
main, WRITE: SSLv2 client hello message, length = 47
main, READ: SSLv3 Handshake, length = 580
*** ServerHello, SSLv3
RandomCookie: GMT: 1054820132 bytes = { 15, 131, 214, 56, 186, 23, 46, 156, 15, 41, 24, 92, 214, 131, 168, 115, 122, 163, 153, 63, 113, 70, 134, 11, 19, 98, 157, 174 }
Session ID: {}
Cipher Suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
Compression Method: 0
***
%% Created: [Session-1, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
** SSL_RSA_WITH_3DES_EDE_CBC_SHA
[read] MD5 and SHA1 hashes: len = 42
0000: 02 00 00 26 03 00 3F DF 47 24 0F 83 D6 38 BA 17 ...&..?.G$...8..
0010: 2E 9C 0F 29 18 5C D6 83 A8 73 7A A3 99 3F 71 46 ...).\...sz..?qF
0020: 86 0B 13 62 9D AE 00 00 0A 00 ...b......
*** Certificate chain
chain [0] = [
[
Version: V3
Subject: CN=ppmerlin
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffebd
Validity: [From: Tue Dec 16 11:21:05 EST 2003,
To: Sat Dec 31 18:59:59 EST 2039]
Issuer: CN=ppmerlin
SerialNumber: [ 2f4a3ba6 025f92b9 44e81508 70ae93ee]
Certificate Extensions: 2
[1]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1]]
[2]: ObjectId: 2.5.29.1 Criticality=false
Extension unknown: DER encoded OCTET string =
]
Algorithm: [MD5withRSA]
Signature:
]
***
stop on trusted cert: [
[
Version: V3
Subject: CN=ppmerlin
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@fffffebd
Validity: [From: Tue Dec 16 11:21:05 EST 2003,
To: Sat Dec 31 18:59:59 EST 2039]
Issuer: CN=ppmerlin
SerialNumber: [ 2f4a3ba6 025f92b9 44e81508 70ae93ee]
Certificate Extensions: 2
[1]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1]]
[2]: ObjectId: 2.5.29.1 Criticality=false
Extension unknown: DER encoded OCTET string =
]
Algorithm: [MD5withRSA]
Signature:
]
[read] MD5 and SHA1 hashes: len = 534
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
*** ClientKeyExchange, RSA PreMasterSecret, SSLv3
Random Secret: { 3, 0, 7, 135, 195, 175, 53, 214, 195, 49, 109, 1, 99, 75, 124, 27, 78, 39, 89, 22, 255, 180, 69, 198, 34, 178, 180, 178, 242, 247, 232, 134, 85, 152, 177, 254, 11, 125, 169, 68, 110, 209, 237, 86, 122, 43, 218, 187 }
[write] MD5 and SHA1 hashes: len = 132
main, WRITE: SSLv3 Handshake, length = 132
SESSION KEYGEN:
PreMaster Secret:
0000: 03 00 07 87 C3 AF 35 D6 C3 31 6D 01 63 4B 7C 1B ......5..1m.cK..
0010: 4E 27 59 16 FF B4 45 C6 22 B2 B4 B2 F2 F7 E8 86 N'Y...E.".......
0020: 55 98 B1 FE 0B 7D A9 44 6E D1 ED 56 7A 2B DA BB U......Dn..Vz+..
CONNECTION KEYGEN:
Client Nonce:
0000: 3F DF 47 24 2E A5 9E 4F 56 42 44 03 49 4B CC 9D ?.G$...OVBD.IK..
0010: 8E 5A DE 19 D8 0B 65 AC 2D 81 09 C4 1A EE 47 17 .Z....e.-.....G.
Server Nonce:
0000: 3F DF 47 24 0F 83 D6 38 BA 17 2E 9C 0F 29 18 5C ?.G$...8.....).\
0010: D6 83 A8 73 7A A3 99 3F 71 46 86 0B 13 62 9D AE ...sz..?qF...b..
Master Secret:
0000: D4 90 CE CC AE 0C B2 AD E6 BC 72 95 E7 E2 46 47 ..........r...FG
0010: 94 AE 0E 78 41 49 FE A7 49 DB 43 67 EF 7E B6 80 ...xAI..I.Cg....
0020: 2A A6 6A FD 61 44 6F D7 7E 98 63 D8 BD D4 F1 FA *.j.aDo...c.....
Client MAC write Secret:
0000: 5A 3A CF EE C4 03 B2 D4 D3 33 62 B1 D4 FD 36 67 Z:.......3b...6g
0010: 30 C4 A3 37 0..7
Server MAC write Secret:
0000: 05 93 0D 06 72 CF 50 6A 3D 25 53 FC F7 7A A4 B4 ....r.Pj=%S..z..
0010: 50 58 A8 8A PX..
Client write key:
0000: 67 1E 5F C7 BA F9 D0 27 8B A8 C8 D0 8C D1 FC 83 g._....'........
0010: 75 FE F6 29 A9 D9 09 8C u..)....
Server write key:
0000: C4 A0 76 AD C7 7F 63 3C 31 EE 25 09 95 17 4F B4 ..v...c<1.%...O.
0010: 37 84 AC 5C 86 FF 5F BB 7..\.._.
Client write IV:
0000: 06 93 58 F0 DF BA 43 93 ..X...C.
Server write IV:
0000: 9A 2C 48 45 9F 29 0E 22 .,HE.)."
main, WRITE: SSLv3 Change Cipher Spec, length = 1
JsseJCE: Using JSSE internal implementation for cipher DESede/CBC/NoPadding
*** Finished
verify_data: { 35, 98, 224, 172, 192, 252, 92, 65, 209, 46, 152, 45, 182, 170, 203, 58, 236, 149, 131, 10, 251, 41, 44, 144, 184, 26, 72, 114, 17, 186, 5, 77, 56, 61, 164, 122 }
***
[write] MD5 and SHA1 hashes: len = 40
0000: 14 00 00 24 23 62 E0 AC C0 FC 5C 41 D1 2E 98 2D ...$#b....\A...-
0010: B6 AA CB 3A EC 95 83 0A FB 29 2C 90 B8 1A 48 72 ...:.....),...Hr
0020: 11 BA 05 4D 38 3D A4 7A ...M8=.z
Padded plaintext before ENCRYPTION: len = 64
main, WRITE: SSLv3 Handshake, length = 64
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
main, SEND SSLv3 ALERT: fatal, description = unexpected_message
Padded plaintext before ENCRYPTION: len = 24
0000: 02 0A 42 8F 28 38 B5 B2 AC A0 94 2D CC E3 4B DC ..B.(8.....-..K.
0010: 12 59 D1 A9 B2 CF 01 01 .Y......
Error: Remote host closed connection during handshake
main, WRITE: SSLv3 Alert, length = 24
main, called closeSocket()