Tag mismatch SSL error when trying to connect to SMK

Hi Phil, I am struggling with an odd error. I am on a linux machine using java 11.0.20 trying to signal to the SMK a new participant. I have a small wrapper that handles parameters passed in as arguments and calls the ManageParticipantIdentifierServiceCaller . I get an SSL exception saying tag mismatch and I cannot find out why. On another machine the same code works when connecting to the SML. So production works but test does not. I tried the same code on a windows machine connecting to the SMK and it was able to successfully connect. I am at a loss as to what the problem may be. It is not a firewall issue as it can access the SMK's certificate chain. could it be a cipher issue? Both linux machines use java 11.0.20 and openssl 1.0.2.
Thank you, Alex
Please find below the redacted log of the failing call
2023-11-28T13:53:53,532 INFO  com.helger.phoss.smp.security.SMPKeyManager._loadKeyStore(SMPKeyManager.java:122) - SMPKeyManager successfully initialized with keystore 'xxxxxxxxxx.p12' and alias 'smp'
2023-11-28T13:53:53,558 WARN  com.helger.phoss.smp.security.SMPKeyManager.createSSLContext(SMPKeyManager.java:209) - No truststore is configured, so the build SSL/TLS connection will trust all hosts!
2023-11-28T13:53:53,628 INFO  com.helger.peppol.smlclient.ManageParticipantIdentifierServiceCaller.create(ManageParticipantIdentifierServiceCaller.java:168) - Trying to create new participant iso6523-actorid-upis::0151:xxxxxxxxxxx in SMP 'xxxxxxxxxxx-TEST'
2023-11-28T13:53:55,775 INFO  com.helger.commons.ws.TrustManagerTrustAll.checkServerTrusted(TrustManagerTrustAll.java:69) - checkServerTrusted ([[
[
  Version: V3
  Subject: CN=edelivery.tech.ec.europa.eu, O=European Commission, L=Brussels, ST=Brussels-Capital Region, C=BE
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  params: null
  modulus: 29573442910608890274964506394851617461462393378201187129286486057826326808575306607460482297651358900494662491660451036494778967275793479943339837067783937955740256468001380007106539786871875262212501547687554170360231944769789462933576074572690125435911201460708058634618446519457761664119874304859959706084215564036747861036310004192706024115261012262202328800233820085694658524674081881473284733341242826184366735045229902947088301472155932091068193925933683345448250954405174617999193741854024221537646229720202039920840135694698302378527693190975919187973034272309163700274802755632374734929084066754295698607839
  public exponent: 65537
  Validity: [From: Mon Jul 24 07:41:20 UTC 2023,
               To: Sat Aug 24 07:41:19 UTC 2024]
  Issuer: CN=GlobalSign RSA OV SSL CA 2018, O=GlobalSign nv-sa, C=BE
  SerialNumber: [    37966eac 11cf207d 2805b7a9]

Certificate Extensions: 10
[1]: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 82 01 6F 04 82 01 6B   01 69 00 77 00 EE CD D0  ...o...k.i.w....
0010: 64 D5 DB 1A CE C5 5C B7   9D B4 CD 13 A2 32 87 46  d.....\\......2.F
0020: 7C BC EC DE C3 51 48 59   46 71 1F B5 9B 00 00 01  .....QHYFq......
0030: 89 86 D8 93 4E 00 00 04   03 00 48 30 46 02 21 00  ....N.....H0F.!.
0040: D4 8C DC C8 CC 7C E4 16   B4 D0 4D 07 CE 5C 79 84  ..........M..\\y.
0050: 2E 01 95 F2 1B 15 E7 28   55 5C 7D 02 4F 8B 69 89  .......(U\\..O.i.
0060: 02 21 00 E5 33 6B 59 90   23 F7 BD EF 2A 8E 7C 4E  .!..3kY.#...*..N
0070: D9 E9 BB 48 C4 1E 58 47   FE 37 F2 AA 1C C0 A0 D0  ...H..XG.7......
0080: 4E 02 60 00 77 00 48 B0   E3 6B DA A6 47 34 0F E5  N.`.w.H..k..G4..
0090: 6A 02 FA 9D 30 EB 1C 52   01 CB 56 DD 2C 81 D9 BB  j...0..R..V.,...
00A0: BF AB 39 D8 84 73 00 00   01 89 86 D8 93 66 00 00  ..9..s.......f..
00B0: 04 03 00 48 30 46 02 21   00 FD C3 54 C9 4A E8 63  ...H0F.!...T.J.c
00C0: 7A 59 F4 E3 3C 68 C9 B8   C0 1B AD F9 79 A6 26 1E  zY..<h......y.&.
00D0: 4A 6C 7F C9 4B 32 88 C7   C4 02 21 00 DA 39 B7 77  Jl..K2....!..9.w
00E0: 86 54 45 40 86 E7 D0 C9   F0 41 DA A0 E7 94 CE C3  .TE@.....A......
00F0: 35 51 C3 8A 85 FB 78 7C   74 A8 0D 0C 00 75 00 DA  5Q....x.t....u..
0100: B6 BF 6B 3F B5 B6 22 9F   9B C2 BB 5C 6B E8 70 91  ..k?..\"....\\k.p.
0110: 71 6C BB 51 84 85 34 BD   A4 3D 30 48 D7 FB AB 00  ql.Q..4..=0H....
0120: 00 01 89 86 D8 93 74 00   00 04 03 00 46 30 44 02  ......t.....F0D.
0130: 20 72 51 2D 3D 4B EB CD   93 C5 72 B4 14 11 B5 06   rQ-=K....r.....
0140: F5 73 4F 24 74 D6 D2 FE   FC 7B 8F 6A 81 C6 B3 FB  .sO$t......j....
0150: 36 02 20 09 52 1B 50 09   66 D2 02 C2 8B 48 F6 BF  6. .R.P.f....H..
0160: 7A 9B E6 85 C9 1F 78 8D   1B 1F DB 94 33 6D C7 52  z.....x.....3m.R
0170: 70 5E 96                                           p^.

[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: caIssuers
   accessLocation: URIName: http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt
, 
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp.globalsign.com/gsrsaovsslca2018
]
]

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: F8 EF 7F F2 CD 78 67 A8   DE 6F 8F 24 8D 88 F1 87  .....xg..o.$....
0010: 03 02 B3 EB                                        ....
]
]

[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.globalsign.com/gsrsaovsslca2018.crl]
]]

[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [1.3.6.1.4.1.4146.1.20]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 26 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 6C  .&https://www.gl
0010: 6F 62 61 6C 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
0020: 6F 73 69 74 6F 72 79 2F                            ository/

]]  ]
  [CertificatePolicyId: [2.23.140.1.2.2]
[]  ]
]

[7]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[8]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[9]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: edelivery.tech.ec.europa.eu
]

[10]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: CC 5F 64 E9 BB 83 95 70   92 6A F6 9F D0 B2 C1 18  ._d....p.j......
0010: CB 80 3A 96                                        ..:.
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 5E 1D 4E 76 9B 01 C0 09   38 63 66 7B 8C 72 2D 93  ^.Nv....8cf..r-.
0010: 3E E8 24 8E 39 65 75 68   49 C1 A0 43 46 61 A4 21  >.$.9euhI..CFa.!
0020: 93 F7 EF FD 15 D9 07 16   18 A9 66 DA 93 C2 69 F5  ..........f...i.
0030: 3A E6 F2 A6 66 8E C5 DD   CB 4A CE AD 3D 8C 7E 13  :...f....J..=...
0040: 50 43 A4 E4 9F 84 3F BD   4F 96 CD D6 D2 31 8E D8  PC....?.O....1..
0050: 3D 38 D7 D7 2B E4 99 45   F9 9C D3 A1 DE 9C 04 E7  =8..+..E........
0060: D9 35 BC 66 1E BA 03 AA   D7 90 9A D4 6C 32 85 BA  .5.f........l2..
0070: 1A 1D 36 22 08 3B B4 9C   C7 40 79 75 D7 EB B6 31  ..6\".;...@yu...1
0080: 29 88 F4 FF 18 B1 F1 D7   F6 14 D2 59 E2 7B 40 88  )..........Y..@.
0090: D0 12 4E 02 4B F9 10 25   A9 65 50 64 80 47 80 7A  ..N.K..%.ePd.G.z
00A0: 73 74 EF 89 41 81 31 85   35 8C B4 84 3A 34 28 08  st..A.1.5...:4(.
00B0: 2B 7A B4 E4 C1 C1 46 34   C1 83 10 7C 45 52 9D C5  +z....F4....ER..
00C0: 6A 94 F2 58 CA C6 A7 65   F1 56 C4 52 FC 54 91 D9  j..X...e.V.R.T..
00D0: 74 74 A5 41 B8 DF 57 E2   88 2C 51 5A 26 05 16 2D  tt.A..W..,QZ&..-
00E0: 0E E5 40 4E 21 06 97 D5   65 DD C0 43 E6 AB A1 1A  ..@N!...e..C....
00F0: 33 9C F9 FF 96 AE 87 21   6B 07 52 4F EB 20 26 3F  3......!k.RO. &?

], [
[
  Version: V3
  Subject: CN=GlobalSign RSA OV SSL CA 2018, O=GlobalSign nv-sa, C=BE
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  params: null
  modulus: 21126566361448906107436419936616456930503766795295011397390099377214532594339540630127839983694000880957855429090662736543459885979148095011845773324878609805910592394098822605447205094595434773457756619595496551339815291517938821967518409268674135327890982411359059853554206557405488402844883476783910436071263072611374930015184977470928360416482680275213210359134955800600416298955663157681791825971806614492086218468021537113159139781585498849221181678353105886727402106622369312650411327690533152044002528504537929182833153678424044530351812527294481555102466085982300518657855234182316103558953341555178558367567
  public exponent: 65537
  Validity: [From: Wed Nov 21 00:00:00 UTC 2018,
               To: Tue Nov 21 00:00:00 UTC 2028]
  Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
  SerialNumber: [    01ee5f22 1dfc623b d4333a85 57]

Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp2.globalsign.com/rootr3
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 8F F0 4B 7F A8 2E 45 24   AE 4D 50 FA 63 9A 8B DE  ..K...E$.MP.c...
0010: E2 DD 1B BC                                        ....
]
]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.globalsign.com/root-r3.crl]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 26 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 6C  .&https://www.gl
0010: 6F 62 61 6C 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
0020: 6F 73 69 74 6F 72 79 2F                            ository/

]]  ]
]

[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_CertSign
  Crl_Sign
]

[7]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: F8 EF 7F F2 CD 78 67 A8   DE 6F 8F 24 8D 88 F1 87  .....xg..o.$....
0010: 03 02 B3 EB                                        ....
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 99 90 C8 2D 5F 42 8A D4   0B 66 DB 98 03 73 11 D4  ...-_B...f...s..
0010: 88 86 52 28 53 8A FB AD   DF FD 73 8E 3A 67 04 DB  ..R(S.....s.:g..
0020: C3 53 14 70 14 09 7C C3   E0 F8 D7 1C 98 1A A2 C4  .S.p............
0030: 3E DB E9 00 E3 CA 70 B2   F1 22 30 21 56 DB D3 AD  >.....p..\"0!V...
0040: 79 5E 81 58 0B 6D 14 80   35 F5 6F 5D 1D EB 9A 47  y^.X.m..5.o]...G
0050: 05 FF 59 8D 00 B1 40 DA   90 98 96 1A BA 6C 6D 7F  ..Y...@......lm.
0060: 8C F5 B3 80 DF 8C 64 73   36 96 79 79 69 74 EA BF  ......ds6.yyit..
0070: F8 9E 01 8F A0 95 69 8D   E9 84 BA E9 E5 D4 88 38  ......i........8
0080: DB 78 3B 98 D0 36 7B 29   B0 D2 52 18 90 DE 52 43  .x;..6.)..R...RC
0090: 00 AE 6A 27 C8 14 9E 86   95 AC E1 80 31 30 7E 9A  ..j'........10..
00A0: 25 BB 8B AC 04 23 A6 99   00 E8 F1 D2 26 EC 0F 7E  %....#......&...
00B0: 3B 8A 2B 92 38 13 1D 8F   86 CD 86 52 47 E6 34 7C  ;.+.8......RG.4.
00C0: 5B A4 02 3E 8A 61 7C 22   76 53 5A 94 53 33 86 B8  [..>.a.\"vSZ.S3..
00D0: 92 A8 72 AF A1 F9 52 87   1F 31 A5 FC B0 81 57 2F  ..r...R..1....W/
00E0: CD F4 CE DC F6 24 CF A7   E2 34 90 68 9D FE AA F1  .....$...4.h....
00F0: A9 9A 12 CC 9B C0 C6 C3   A8 A5 B0 21 7E DE 48 F6  ...........!..H.

]], UNKNOWN)
2023-11-28T13:53:56,806 INFO  com.helger.commons.ws.TrustManagerTrustAll.checkServerTrusted(TrustManagerTrustAll.java:69) - checkServerTrusted ([[
[
  Version: V3
  Subject: CN=edelivery.tech.ec.europa.eu, O=European Commission, L=Brussels, ST=Brussels-Capital Region, C=BE
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  params: null
  modulus: 29573442910608890274964506394851617461462393378201187129286486057826326808575306607460482297651358900494662491660451036494778967275793479943339837067783937955740256468001380007106539786871875262212501547687554170360231944769789462933576074572690125435911201460708058634618446519457761664119874304859959706084215564036747861036310004192706024115261012262202328800233820085694658524674081881473284733341242826184366735045229902947088301472155932091068193925933683345448250954405174617999193741854024221537646229720202039920840135694698302378527693190975919187973034272309163700274802755632374734929084066754295698607839
  public exponent: 65537
  Validity: [From: Mon Jul 24 07:41:20 UTC 2023,
               To: Sat Aug 24 07:41:19 UTC 2024]
  Issuer: CN=GlobalSign RSA OV SSL CA 2018, O=GlobalSign nv-sa, C=BE
  SerialNumber: [    37966eac 11cf207d 2805b7a9]

Certificate Extensions: 10
[1]: ObjectId: 1.3.6.1.4.1.11129.2.4.2 Criticality=false
Extension unknown: DER encoded OCTET string =
0000: 04 82 01 6F 04 82 01 6B   01 69 00 77 00 EE CD D0  ...o...k.i.w....
0010: 64 D5 DB 1A CE C5 5C B7   9D B4 CD 13 A2 32 87 46  d.....\\......2.F
0020: 7C BC EC DE C3 51 48 59   46 71 1F B5 9B 00 00 01  .....QHYFq......
0030: 89 86 D8 93 4E 00 00 04   03 00 48 30 46 02 21 00  ....N.....H0F.!.
0040: D4 8C DC C8 CC 7C E4 16   B4 D0 4D 07 CE 5C 79 84  ..........M..\\y.
0050: 2E 01 95 F2 1B 15 E7 28   55 5C 7D 02 4F 8B 69 89  .......(U\\..O.i.
0060: 02 21 00 E5 33 6B 59 90   23 F7 BD EF 2A 8E 7C 4E  .!..3kY.#...*..N
0070: D9 E9 BB 48 C4 1E 58 47   FE 37 F2 AA 1C C0 A0 D0  ...H..XG.7......
0080: 4E 02 60 00 77 00 48 B0   E3 6B DA A6 47 34 0F E5  N.`.w.H..k..G4..
0090: 6A 02 FA 9D 30 EB 1C 52   01 CB 56 DD 2C 81 D9 BB  j...0..R..V.,...
00A0: BF AB 39 D8 84 73 00 00   01 89 86 D8 93 66 00 00  ..9..s.......f..
00B0: 04 03 00 48 30 46 02 21   00 FD C3 54 C9 4A E8 63  ...H0F.!...T.J.c
00C0: 7A 59 F4 E3 3C 68 C9 B8   C0 1B AD F9 79 A6 26 1E  zY..<h......y.&.
00D0: 4A 6C 7F C9 4B 32 88 C7   C4 02 21 00 DA 39 B7 77  Jl..K2....!..9.w
00E0: 86 54 45 40 86 E7 D0 C9   F0 41 DA A0 E7 94 CE C3  .TE@.....A......
00F0: 35 51 C3 8A 85 FB 78 7C   74 A8 0D 0C 00 75 00 DA  5Q....x.t....u..
0100: B6 BF 6B 3F B5 B6 22 9F   9B C2 BB 5C 6B E8 70 91  ..k?..\"....\\k.p.
0110: 71 6C BB 51 84 85 34 BD   A4 3D 30 48 D7 FB AB 00  ql.Q..4..=0H....
0120: 00 01 89 86 D8 93 74 00   00 04 03 00 46 30 44 02  ......t.....F0D.
0130: 20 72 51 2D 3D 4B EB CD   93 C5 72 B4 14 11 B5 06   rQ-=K....r.....
0140: F5 73 4F 24 74 D6 D2 FE   FC 7B 8F 6A 81 C6 B3 FB  .sO$t......j....
0150: 36 02 20 09 52 1B 50 09   66 D2 02 C2 8B 48 F6 BF  6. .R.P.f....H..
0160: 7A 9B E6 85 C9 1F 78 8D   1B 1F DB 94 33 6D C7 52  z.....x.....3m.R
0170: 70 5E 96                                           p^.

[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: caIssuers
   accessLocation: URIName: http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt
, 
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp.globalsign.com/gsrsaovsslca2018
]
]

[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: F8 EF 7F F2 CD 78 67 A8   DE 6F 8F 24 8D 88 F1 87  .....xg..o.$....
0010: 03 02 B3 EB                                        ....
]
]

[4]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:false
  PathLen: undefined
]

[5]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.globalsign.com/gsrsaovsslca2018.crl]
]]

[6]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [1.3.6.1.4.1.4146.1.20]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 26 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 6C  .&https://www.gl
0010: 6F 62 61 6C 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
0020: 6F 73 69 74 6F 72 79 2F                            ository/

]]  ]
  [CertificatePolicyId: [2.23.140.1.2.2]
[]  ]
]

[7]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]

[8]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_Encipherment
]

[9]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
  DNSName: edelivery.tech.ec.europa.eu
]

[10]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: CC 5F 64 E9 BB 83 95 70   92 6A F6 9F D0 B2 C1 18  ._d....p.j......
0010: CB 80 3A 96                                        ..:.
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 5E 1D 4E 76 9B 01 C0 09   38 63 66 7B 8C 72 2D 93  ^.Nv....8cf..r-.
0010: 3E E8 24 8E 39 65 75 68   49 C1 A0 43 46 61 A4 21  >.$.9euhI..CFa.!
0020: 93 F7 EF FD 15 D9 07 16   18 A9 66 DA 93 C2 69 F5  ..........f...i.
0030: 3A E6 F2 A6 66 8E C5 DD   CB 4A CE AD 3D 8C 7E 13  :...f....J..=...
0040: 50 43 A4 E4 9F 84 3F BD   4F 96 CD D6 D2 31 8E D8  PC....?.O....1..
0050: 3D 38 D7 D7 2B E4 99 45   F9 9C D3 A1 DE 9C 04 E7  =8..+..E........
0060: D9 35 BC 66 1E BA 03 AA   D7 90 9A D4 6C 32 85 BA  .5.f........l2..
0070: 1A 1D 36 22 08 3B B4 9C   C7 40 79 75 D7 EB B6 31  ..6\".;...@yu...1
0080: 29 88 F4 FF 18 B1 F1 D7   F6 14 D2 59 E2 7B 40 88  )..........Y..@.
0090: D0 12 4E 02 4B F9 10 25   A9 65 50 64 80 47 80 7A  ..N.K..%.ePd.G.z
00A0: 73 74 EF 89 41 81 31 85   35 8C B4 84 3A 34 28 08  st..A.1.5...:4(.
00B0: 2B 7A B4 E4 C1 C1 46 34   C1 83 10 7C 45 52 9D C5  +z....F4....ER..
00C0: 6A 94 F2 58 CA C6 A7 65   F1 56 C4 52 FC 54 91 D9  j..X...e.V.R.T..
00D0: 74 74 A5 41 B8 DF 57 E2   88 2C 51 5A 26 05 16 2D  tt.A..W..,QZ&..-
00E0: 0E E5 40 4E 21 06 97 D5   65 DD C0 43 E6 AB A1 1A  ..@N!...e..C....
00F0: 33 9C F9 FF 96 AE 87 21   6B 07 52 4F EB 20 26 3F  3......!k.RO. &?

], [
[
  Version: V3
  Subject: CN=GlobalSign RSA OV SSL CA 2018, O=GlobalSign nv-sa, C=BE
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  params: null
  modulus: 21126566361448906107436419936616456930503766795295011397390099377214532594339540630127839983694000880957855429090662736543459885979148095011845773324878609805910592394098822605447205094595434773457756619595496551339815291517938821967518409268674135327890982411359059853554206557405488402844883476783910436071263072611374930015184977470928360416482680275213210359134955800600416298955663157681791825971806614492086218468021537113159139781585498849221181678353105886727402106622369312650411327690533152044002528504537929182833153678424044530351812527294481555102466085982300518657855234182316103558953341555178558367567
  public exponent: 65537
  Validity: [From: Wed Nov 21 00:00:00 UTC 2018,
               To: Tue Nov 21 00:00:00 UTC 2028]
  Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
  SerialNumber: [    01ee5f22 1dfc623b d4333a85 57]

Certificate Extensions: 7
[1]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
  [
   accessMethod: ocsp
   accessLocation: URIName: http://ocsp2.globalsign.com/rootr3
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 8F F0 4B 7F A8 2E 45 24   AE 4D 50 FA 63 9A 8B DE  ..K...E$.MP.c...
0010: E2 DD 1B BC                                        ....
]
]

[3]: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:0
]

[4]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
  [DistributionPoint:
     [URIName: http://crl.globalsign.com/root-r3.crl]
]]

[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
  [CertificatePolicyId: [2.5.29.32.0]
[PolicyQualifierInfo: [
  qualifierID: 1.3.6.1.5.5.7.2.1
  qualifier: 0000: 16 26 68 74 74 70 73 3A   2F 2F 77 77 77 2E 67 6C  .&https://www.gl
0010: 6F 62 61 6C 73 69 67 6E   2E 63 6F 6D 2F 72 65 70  obalsign.com/rep
0020: 6F 73 69 74 6F 72 79 2F                            ository/

]]  ]
]

[6]: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  DigitalSignature
  Key_CertSign
  Crl_Sign
]

[7]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: F8 EF 7F F2 CD 78 67 A8   DE 6F 8F 24 8D 88 F1 87  .....xg..o.$....
0010: 03 02 B3 EB                                        ....
]
]

]
  Algorithm: [SHA256withRSA]
  Signature:
0000: 99 90 C8 2D 5F 42 8A D4   0B 66 DB 98 03 73 11 D4  ...-_B...f...s..
0010: 88 86 52 28 53 8A FB AD   DF FD 73 8E 3A 67 04 DB  ..R(S.....s.:g..
0020: C3 53 14 70 14 09 7C C3   E0 F8 D7 1C 98 1A A2 C4  .S.p............
0030: 3E DB E9 00 E3 CA 70 B2   F1 22 30 21 56 DB D3 AD  >.....p..\"0!V...
0040: 79 5E 81 58 0B 6D 14 80   35 F5 6F 5D 1D EB 9A 47  y^.X.m..5.o]...G
0050: 05 FF 59 8D 00 B1 40 DA   90 98 96 1A BA 6C 6D 7F  ..Y...@......lm.
0060: 8C F5 B3 80 DF 8C 64 73   36 96 79 79 69 74 EA BF  ......ds6.yyit..
0070: F8 9E 01 8F A0 95 69 8D   E9 84 BA E9 E5 D4 88 38  ......i........8
0080: DB 78 3B 98 D0 36 7B 29   B0 D2 52 18 90 DE 52 43  .x;..6.)..R...RC
0090: 00 AE 6A 27 C8 14 9E 86   95 AC E1 80 31 30 7E 9A  ..j'........10..
00A0: 25 BB 8B AC 04 23 A6 99   00 E8 F1 D2 26 EC 0F 7E  %....#......&...
00B0: 3B 8A 2B 92 38 13 1D 8F   86 CD 86 52 47 E6 34 7C  ;.+.8......RG.4.
00C0: 5B A4 02 3E 8A 61 7C 22   76 53 5A 94 53 33 86 B8  [..>.a.\"vSZ.S3..
00D0: 92 A8 72 AF A1 F9 52 87   1F 31 A5 FC B0 81 57 2F  ..r...R..1....W/
00E0: CD F4 CE DC F6 24 CF A7   E2 34 90 68 9D FE AA F1  .....$...4.h....
00F0: A9 9A 12 CC 9B C0 C6 C3   A8 A5 B0 21 7E DE 48 F6  ...........!..H.

]], UNKNOWN)

jakarta.xml.ws.WebServiceException: javax.net.ssl.SSLException: Tag mismatch!
        at com.sun.xml.ws.transport.http.client.HttpClientTransport.readResponseCodeAndMessage(HttpClientTransport.java:181)
        at com.sun.xml.ws.transport.http.client.HttpTransportPipe.createResponsePacket(HttpTransportPipe.java:227)
        at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:218)
        at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:131)
        at com.sun.xml.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:111)
        at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1106)
        at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1020)
        at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:989)
        at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:847)
        at com.sun.xml.ws.client.Stub.process(Stub.java:431)
        at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:160)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:78)
        at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:62)
        at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:132)
        at com.sun.proxy.$Proxy47.create(Unknown Source)
        at com.helger.peppol.smlclient.ManageParticipantIdentifierServiceCaller.create(ManageParticipantIdentifierServiceCaller.java:173)
        at com.helger.peppol.smlclient.ManageParticipantIdentifierServiceCaller.create(ManageParticipantIdentifierServiceCaller.java:139)
        at com.sml.SMLWriter.write(SMLWriter.java:81)
        at com.sml.SMLWriter.main(SMLWriter.java:50)
Caused by: javax.net.ssl.SSLException: Tag mismatch!
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:133)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:360)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:303)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:298)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:123)
        at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1514)
        at java.base/sun.security.ssl.SSLSocketImpl.readApplicationRecord(SSLSocketImpl.java:1481)
        at java.base/sun.security.ssl.SSLSocketImpl$AppInputStream.read(SSLSocketImpl.java:1070)
        at java.base/java.io.BufferedInputStream.fill(BufferedInputStream.java:252)
        at java.base/java.io.BufferedInputStream.read1(BufferedInputStream.java:292)
        at java.base/java.io.BufferedInputStream.read(BufferedInputStream.java:351)
        at java.base/sun.net.www.http.HttpClient.parseHTTPHeader(HttpClient.java:789)
        at java.base/sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:724)
        at java.base/sun.net.www.http.HttpClient.parseHTTP(HttpClient.java:748)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1615)
        at java.base/sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1520)
        at java.base/java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:527)
        at java.base/sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:334)
        at com.sun.xml.ws.transport.http.client.HttpClientTransport.readResponseCodeAndMessage(HttpClientTransport.java:177)
        ... 18 more
Caused by: javax.crypto.AEADBadTagException: Tag mismatch!
        at java.base/com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:623)
        at java.base/com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1122)
        at java.base/com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1059)
        at java.base/com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:945)
        at java.base/com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:491)
        at java.base/javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:779)
        at java.base/javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730)
        at java.base/javax.crypto.Cipher.doFinal(Cipher.java:2497)
        at java.base/sun.security.ssl.SSLCipher$T13GcmReadCipherGenerator$GcmReadCipher.decrypt(SSLCipher.java:1929)
        at java.base/sun.security.ssl.SSLSocketInputRecord.decodeInputRecord(SSLSocketInputRecord.java:264)
        at java.base/sun.security.ssl.SSLSocketInputRecord.decode(SSLSocketInputRecord.java:181)
        at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:111)
        ... 32 more
phax / peppol-commons

Tag mismatch SSL error when trying to connect to SMK #44
