I ran into a problem using the Java SSL library javax.net.ssl.keyStore. The code being used is similar, though not identical, to the technique found here (http://www.kobu.com/oneday/javassl/sslecho-en.htm). We created a CSR using keytool (here is a useful URL if you are working on this: http://www.sslshopper.com/article-most-common-java-keytool-keystore-commands.html), submitted it to Verisign, and got back the signed certificate. However, after importing the cert trail and the cert into the keystore, I could not get it to work, getting some exceptions such as:
Exception in thread "main" java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
    at javax.net.ssl.DefaultSSLServerSocketFactory.throwException(SSLServerSocketFactory.java:142)
    at javax.net.ssl.DefaultSSLServerSocketFactory.createServerSocket(SSLServerSocketFactory.java:149)
    at server.run(server.java:53)
    at server.main(server.java:29)
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
    at java.security.Provider$Service.newInstance(Provider.java:1245)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:220)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:147)
    at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
    at javax.net.ssl.SSLContext.getDefault(SSLContext.java:68)
    at javax.net.ssl.SSLServerSocketFactory.getDefault(SSLServerSocketFactory.java:96)
    at server.run(server.java:49)
    ... 1 more
Anyway, to make a long story short, the problem was that the keystore and the key had different passwords. I went back to a copy of the keystore from after the CSR had been generated, but before the import. I then changed the key's password to match the keystore, re-imported everything, and it all worked. Interestingly, the inverse (making the key pass match the keystore pass) did not work.
There may be other ways around this, but there was precious little useful information about this specific problem, so I thought I'd share my solution.
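One such other way, as an added example that is not code from the original post: the default SSLContext uses the javax.net.ssl.keyStorePassword value to unlock the private key as well, so a key with its own password has to be handed to a KeyManagerFactory explicitly. The class name KeyPassCheck, the STOREPASS and KEYPASS environment variables, and the JKS store type are assumptions made for this sketch.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

// Added example. Usage: STOREPASS=... KEYPASS=... java KeyPassCheck <keystore> <port>
public class KeyPassCheck {

    // True if the private key stored under 'alias' can be unlocked with 'pass'.
    static boolean unlocks(KeyStore ks, String alias, char[] pass) throws Exception {
        try {
            return ks.getKey(alias, pass) != null;
        } catch (UnrecoverableKeyException e) {
            return false; // this password does not open the key entry
        }
    }

    public static void main(String[] args) throws Exception {
        String path = args[0];
        int port = Integer.parseInt(args[1]);
        // Passwords come from the environment (assumed names), not the command line.
        char[] storePass = System.getenv("STOREPASS").toCharArray();
        char[] keyPass = System.getenv("KEYPASS").toCharArray();

        KeyStore ks = KeyStore.getInstance("JKS"); // assumed store type
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePass); // the store password only opens the file
        }
        // Diagnose: flag key entries the store password cannot unlock.
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias) && !unlocks(ks, alias, storePass)) {
                System.out.println(alias + ": key password differs from the store "
                    + "password, so the default SSLContext cannot use this key");
            }
        }
        // Workaround: pass the key password separately from the store password.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, keyPass);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        try (SSLServerSocket ss = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(port)) {
            System.out.println("TLS listener created on port " + ss.getLocalPort());
        }
    }
}
```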