Default ssl context init failed: Cannot resolve key

Hi, I get this SSL Exception when I try to run my server using
ssl socket:
"default ssl context init failed: Cannot resolve key"
it is thrown at this line: "sslServerFactory.createServerSocket(port)"
I created keystore and truststore files using 'keytool' and the step by step from the JSSE reference guide:
http://java.sun.com/j2se/1.4/docs/guide/security/jsse/JSSERefGuide.html#CreateKeystore
Why do I get this exception and how do I solve it? Thank you.
Yves

SSL error messages are sometimes cryptic.
Set:
System.getProperties().put("javax.net.debug","all");
to really see what is happening.
Cheers,
Kullervo
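
Added example (not code from any poster in this thread): "Default SSL context init failed" only wraps the underlying keystore error, so this sketch repeats the default context's keystore steps one at a time and names the first one that fails. The class name KeyStoreCheck and the method diagnose are hypothetical; it reads the same javax.net.ssl.keyStore* system properties the posts here set.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;

// Added example, not code from the thread: repeats, one step at a time, what the
// default SSL context does with the javax.net.ssl.keyStore* properties.
public class KeyStoreCheck {

    // Returns "OK" or a one-line description of the first step that fails.
    static String diagnose(String file, String type, char[] password) {
        if (file == null || file.isEmpty()) {
            return "javax.net.ssl.keyStore is not set";
        }
        if (password == null) {
            return "javax.net.ssl.keyStorePassword is not set (check the property name)";
        }
        // Relative paths resolve against the JVM's working directory, which in an
        // application server is rarely the directory the keystore was created in.
        Path path = Paths.get(file).toAbsolutePath();
        if (!Files.isRegularFile(path)) {
            return "keystore file not found: " + path;
        }
        if (!Files.isReadable(path)) {
            return "keystore file is not readable by this process: " + path;
        }
        try (InputStream in = Files.newInputStream(path)) {
            KeyStore ks = KeyStore.getInstance(type);
            try {
                ks.load(in, password);
            } catch (IOException e) {
                // A wrong store password surfaces as an IOException whose cause is
                // UnrecoverableKeyException; anything else is a parse failure.
                if (e.getCause() instanceof UnrecoverableKeyException) {
                    return "store password is wrong: " + e.getMessage();
                }
                return "file is not a valid " + type + " keystore: " + e.getMessage();
            }
            int keyEntries = 0;
            for (String alias : Collections.list(ks.aliases())) {
                if (!ks.isKeyEntry(alias)) {
                    continue; // trusted certificate entry, no private key
                }
                try {
                    ks.getKey(alias, password);
                    keyEntries++;
                } catch (UnrecoverableKeyException e) {
                    // The default context has no separate key-password property, so a
                    // key password that differs from the store password cannot work.
                    return "key '" + alias + "' is not protected by the store password: "
                            + e.getMessage();
                }
            }
            if (keyEntries == 0) {
                return "keystore loads but contains no key entry (certificates only)";
            }
            // Final step: the same KeyManagerFactory initialisation the context performs.
            KeyManagerFactory kmf =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, password);
            return "OK";
        } catch (IOException | GeneralSecurityException e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        String pw = System.getProperty("javax.net.ssl.keyStorePassword");
        String result = diagnose(
                System.getProperty("javax.net.ssl.keyStore"),
                System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType()),
                pw == null ? null : pw.toCharArray());
        System.out.println(result); // the password itself is never printed
    }
}
```

Run it with the same -Djavax.net.ssl.keyStore and -Djavax.net.ssl.keyStorePassword options, and from the same working directory, as the failing program.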

Similar Messages

  • Error- isDefault SSL context init failed : Cannot recover key

    Hi,
    We are trying to run a sample HTTPS request from client to Server using SSL.
    Below is the code we used to run the client program, which communicates with the HTTPS server (a server socket which accepts connections).
    Basically we created a server certificate inside the HTTPS server program, and that is exported and imported into the client directory.
    Finally, when we run the client program below, it gives this error:
    Error- isDefault SSL context init failed : Cannot recover key
    Can anybody please help me to run this program successfully? Could you give some basic steps to check the settings that need to be set before running this program?
    Client Program
    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider() );
    System.setProperty("javax.net.ssl.keyStore", "D:\\JavaR&D\\Rajiv\\server\\serverkeys");
    System.setProperty("javax.net.ssl.keyStoreType" ,"JKS"); /* ,"pkcs12" */
    System.setProperty("javax.net.ssl.keyStorePassword","welcome");
    System.setProperty("javax.net.ssl.trustStore" , "C:\\j2sdk1.5.0\\jre\\lib\\security\\cacerts");
    System.setProperty("javax.net.ssl.trustStorePassword" , "clientpass");
    System.setProperty("javax.net.ssl.trustStoreType","JKS"); /* ,"pkcs12" */
    System.setProperty("java.protocol.handler.pkgs" ,"com.sun.net.ssl.internal.www.protocol");
    com.sun.net.ssl.HostnameVerifier hv = new com.sun.net.ssl.HostnameVerifier() {
        public boolean verify(String urlHostname, String certHostname) {
            System.out.println("urlHostname >>" + urlHostname + "<<");
            System.out.println("certHostname >>" + certHostname + "<<");
            System.out.println("WARNING: Hostname is not matched for cert.");
            // Returning true accepts the certificate even when the hostname does not match.
            return true;
        }
    };
    com.sun.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(hv);
    SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
    // server = (SSLServerSocket) factory.createServerSocket(portNumber);
    System.out.println("above socketcreation");
    SSLSocket socket = (SSLSocket)factory.createSocket("172.16.56.227",8443);
    Server Program

    Is there some kind of timeline that I can expect 8.1 to ship in?
    I appreciate being informed that this is a known issue and all, but without giving me a timeframe to expect a fix in, how can you possibly expect me to continue to pursue your products as viable options?
    To tell me to wait for 8.1, without giving me a timeframe or any further details is simply put in one word. Amateur.
    What kind of response is this? What am I supposed to tell my supervisor? How am I supposed to explain to upper management that the application server they're telling us to use is incapable of handling the use cases our business functions require? What do you want me to do, tell them to wait for the next release without being able to give them a ballpark figure? We're a small team, us Java guys. We've already invested months in moving to a new platform. Now that platform is failing us, and the vendor hasn't got any better response than, "Oh yeah, our bad. We'll fix it next time... whenever that is..."
    If 8.1 is as half-baked as 8.0 is (BTW your deploytool is a broken piece of junk. I can reliably crash the thing in under 10 seconds) then I don't have a lot of hope for 8.1. You can bet I sure as heck won't be holding my breath for it.
    Looks like it's time to investigate the other vendors that support J2EE 1.4. Something tells me I'll have better luck with WebSphere. The hard part there will be selling management on the idea. At least IBM is notoriously forward with their clients, even if they are expensive.
    All I'm asking for now is a timeframe for 8.1. When can we expect it? If it's before I expect to -have- to have this stuff in production I may be able to wait... but at this point, I'm disgruntled enough to not bother.
    Maybe we should investigate moving to .net. At least then when the vendor screws me I'll be expecting it.

  • Problem in running j2ee programs with SSL: SSL context init failed : cannot

    Hi,
    I am just trying to run some servlet program that creates some SSL socket to communicate with a server. I have configured my java.security file but when I run my program I get this error:
    SSL context init failed : cannot recover key. I am using the SunJSSE provider.
    Please help me; I am confused about how to enable JSSE in my Sun Java System App Server Platform Edition.
    Waiting for your replies!
    Thanks,
    Akshatha

    I got this error last week.
    The problem was that the keystore I was pointing to was in another location, so it could not initialize the default context.
    I had defined ...
    String CLIENT_CERTIFPATH = getParam("client.certificate.path", "/users/pridas/myKeystoreFile");
    // getParam extracts the location of the keystore from a text file which contains some configuration parameters. The default value will be /users/pridas/myKeystoreFile
    In my case, I will try to develop a secure SOAP connection using certificates.
    Before trying the connection, I defined ...
    System.setProperty("javax.net.ssl.trustStore", CLIENT_CERTIFPATH);
    System.setProperty("javax.net.ssl.keyStore", CLIENT_CERTIFPATH);
    ... and the problem when I got this error ... the keystore file was not in the correct location.
    That was how I resolved this error.
    I hope everybody will be oriented about this kind of errors.
    Salu2.

  • SSL - Default SSL context init failed: null - need help with code

    Hi!
    Once Again I have problems with SSL.
    I read something about SSL here:
    http://www.javaalmanac.com/egs/javax.net.ssl/Server.html
    Now I tried to test this stuff, that resulted in this program (I simply tried to put the SSL stuff from the above code in a small skeleton):
    import java.io.*;
    import java.net.*;
    import java.security.*;
    import javax.net.ssl.*;
    import javax.net.*;
    public class MyServer {
         public static void main(String arguments[]) {
              try {
                   int port = 443;
                   ServerSocketFactory ssocketFactory = SSLServerSocketFactory.getDefault();
                   ServerSocket ssocket = ssocketFactory.createServerSocket(port);
                   // Listen for connections
                   Socket socket = ssocket.accept();
                   System.out.println("Connected successfully");
                   // Create streams to securely send and receive data to the client
                   InputStream in = socket.getInputStream();
                   OutputStream out = socket.getOutputStream();
                   // Read from in and write to out...
                   // Close the socket
                   in.close();
                   out.close();
              } catch (IOException e) {
                   System.out.println("GetMessage() = " + e.getMessage());
                   e.printStackTrace();
              }
         }
    }
    Now I compiled this stuff with : 'javac MyServer.java' - there were no errors. After this I run the program
    with the following command (also taken from java almanac):
    'java -Djavax.net.ssl.keyStore=mySrvKeystore -Djavax.net.ssl.keyStorePassword=123456 MyServer'
    But if I run it, it reports:
    "GetMessage() = Default SSL context init failed: null
    java.net.SocketException: Default SSL context init failed: null
    at javax.net.ssl.DefaultSSLServerSocketFactory.createServerSocket(Dasho
    6275)
    at MyServer.main(MyServer.java:15)"
    createServerSocket() seems to be the wrong line, but what is wrong with it.
    Is there any mistake in my code ?
    Btw. I created my keystore etc. according to the instructions at
    http://forum.java.sun.com/thread.jsp?forum=2&thread=528092&tstart=0&trange=15
    Any help appreciated
    Greets
    dancing_coder

    I got this error last week.
    The problem was that the keystore I was pointing to was in another location, so it could not initialize the default context.
    I had defined ...
    String CLIENT_CERTIFPATH = getParam("client.certificate.path", "/users/pridas/myKeystoreFile");
    // getParam extracts the location of the keystore from a text file which contains some configuration parameters. The default value will be /users/pridas/myKeystoreFile
    In my case, I will try to develop a secure SOAP connection using certificates.
    Before trying the connection, I defined ...
    System.setProperty("javax.net.ssl.trustStore", CLIENT_CERTIFPATH);
    System.setProperty("javax.net.ssl.keyStore", CLIENT_CERTIFPATH);
    ... and the problem when I got this error ... the keystore file was not in the correct location.
    That was how I resolved this error.
    I hope everybody will be oriented about this kind of errors.
    Salu2.

  • Default SSL context init failed: null

    Hi all,
    I am trying to open an SSL connection from a Tomcat server (call it TC1) that is located within a DMZ to another Tomcat server (call it TC2) which is located in an external network.
    I got the following in the TC1 system.out,
    WARNING: Servlet.service() for servlet HelloWorld threw exception
    java.net.SocketException: Default SSL context init failed: null
    at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
    at HelloWorld.doGet(HelloWorld.java:20)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:738)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:526)
    at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
    at java.lang.Thread.run(Unknown Source)
    Here is the servlet I placed in TC1, which opens an SSL connection to TC2.
    import java.io.*;
    import javax.servlet.*;
    import javax.servlet.http.*;
    import java.net.URL;
    import java.net.URLConnection;
    public class HelloWorld extends HttpServlet {
      public void doGet(HttpServletRequest request,HttpServletResponse response) throws ServletException, IOException {
        PrintWriter out = response.getWriter();
        out.println("Hello World");
        // Outbound HTTPS call from TC1 to TC2; this is where the default SSL context is initialised
        URL url = new URL("https://154.123.23.10:8443");
        URLConnection con = url.openConnection();
        con.connect();
      }
    }
    I have used java keytool to generate a self-signed cert and also a keystore in TC2. Below is the Connector element of the server.xml of TC2
    <Connector port="8443"
    maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
    enableLookups="false" disableUploadTimeout="true"
    acceptCount="100" scheme="https" secure="true"
    clientAuth="false" sslProtocol="TLS"
    keystoreFile="C:\program files\Tomcat 5.5.7\keystore\.keystore"/>
    I also imported the self-signed cert into the truststore of the machine which hosts TC1. The place I store the self-signed cert of TC2 is jre_home\lib\security\cacerts
    Does anyone know how to resolve the exception "java.net.SocketException: Default SSL context init failed: null" I mentioned above?
    Thanks for your help
    Feng

    I had the same problem (tomcat was acting as an axis client), I resolved it by adding -Djavax.net.debug=all to my CATALINA_OPTS in the startup script
    => Then I got the message that the keystore/truststore could not be found.
    That was the problem - and now the context null is gone ;)
    CATALINA_OPTS="-Djavax.net.ssl.trustStore=ABSOLUTE_LOCATION_TO_TRUSTSTORE \
      -Djavax.net.ssl.keyStore=ABSOLUTE_LOCATION_TO_KEYSTORE \
      -Djavax.net.ssl.keyStorePassword=******** \
      -Djavax.net.ssl.keyStoreType=jks \
      -Djava.protocol.handler.pkgs=javax.net.ssl \
      -Djavax.net.debug=all"
    Good luck !
    SuCkerD

  • Default SSL context init failed: jks

    Hello to all.
    This is my first post in the Sun forums. I am a C++ programmer migrating to Java.
    I am writing an SSL client that connects to my SSL-speaking daemon. The code I am
    trying is from examples across the internet:
    ---CODE BEGINS---
    import javax.net.ssl.*;
    import javax.net.*;
    import java.net.*;
    import java.io.*;
    public class FirstClass {
        public static void main(String[] args) {
            FirstClass firstClass1 = new FirstClass();
            try {
                int port = 4433;
                String hostname = "localhost";
                SocketFactory socketFactory = SSLSocketFactory.getDefault();
                Socket socket = socketFactory.createSocket(hostname, port);
                // Create streams to securely send and receive data to the server
                InputStream in = socket.getInputStream();
                OutputStream out = socket.getOutputStream();
                // Read from in and write to out...
                // Close the socket
                in.close();
                out.close();
            } catch(IOException e) {
                System.out.println("Exception: " + e.getMessage());
            }
        }
    }
    ---CODE ENDS---
    Everything goes okay in the build process, the problem is like the topic says a problem
    with the creation of the SSL context. Also, I run it with the appropriate params as in:
    ---CMD BEGINS---
    java \
    -Djavax.net.debug=ssl \
    -Djavax.net.ssl.keyStore=serverKeyStore \
    -Djavax.net.ssl.keyPassword=123456 \
    MySSLExample
    ---CMD ENDS---
    I have the serverKeyStore that I created with keytool and the password is
    really 123456 (tuff one, huh?). The output is:
    ---OUTPUT BEGINS---
    keyStore is : serverKeyStore
    keyStore type is : jks
    init keystore
    default context init failed: java.security.KeyStoreException: jks
    Exception: Default SSL context init failed: jks
    ---OUTPUT ENDS---
    I really don't care for trusting the certificates, I only want some kind of encryption
    on the data channels (in/out) so I could ignore the verification of the certificates.
    I also found someone on a forum that asked the same I am now, but he later posted
    that he found the solution and left... with no solution posted.
    Thanks for any help out there,
    Rodrigo Madera

    Try
    -Djavax.net.ssl.keyStorePassword=123456
    instead of
    -Djavax.net.ssl.keyPassword=123456

  • Default SSL context init failed: Invalid keystore format

    Hi, I can't connect to my ldap server. The problem is ssl. I'm trying to do this:
    import java.io.IOException;
    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.NamingException;
    import javax.naming.directory.DirContext;
    import javax.naming.directory.InitialDirContext;
    import javax.naming.ldap.LdapContext;
    public class TestAuthentifikation {
        public static void main (String [] args) throws IOException  {
               try {
                    Hashtable env = new Hashtable();
                    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                    env.put(Context.PROVIDER_URL, "ldaps://subdomain.dyndns.org:636/"); 
                    env.put(Context.SECURITY_PRINCIPAL, "uid=user,ou=users,dc=subdomain,dc=dyndns,dc=org");
                    env.put(Context.SECURITY_CREDENTIALS, "passwd");
                    env.put(Context.SECURITY_AUTHENTICATION, "simple");
                    env.put(Context.SECURITY_PROTOCOL, "ssl");
                    java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
                    System.setProperty("javax.net.ssl.keyStore",  "/usr/lib/j2se/1.4/jre/lib/security/cacerts");
                    System.setProperty("javax.net.ssl.trustStore","/usr/lib/j2se/1.4/jre/lib/security/cacerts");
                    env.put(LdapContext.CONTROL_FACTORIES, "com.sun.jndi.ldap.ControlFactory");
                    DirContext ctx = new InitialDirContext(env);
                    //use ctx....
                    // Close the context when we're done
                    ctx.close();
               } catch(NamingException ne) {
                    System.err.println(ne);
                    ne.printStackTrace();
               }
        }
    }
    The exception is this:
    javax.naming.CommunicationException: subdomain.dyndns.org:636 [Root exception is java.net.SocketException: Default SSL context init failed: Invalid keystore format]
            at com.sun.jndi.ldap.Connection.<init>(Connection.java:194)
            at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:119)
            at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1668)
            at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2599)
            at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
    On the server I have created this ldap_crt.pem file:
    openssl req -x509 -days 3650 -newkey rsa:2048 -nodes -keyout ldap_key.pem -keyform PEM -out ldap_crt.pem -outform PEM
    which sits on the clients /etc/ssl/certs directory. Like this I can connect with a ldap browser to the server.
    I should do something like this:
    keytool -import -alias AUTH_CA -file rootcert.crt -keystore /usr/lib/j2se/1.4/jre/lib/security/cacerts
    How do I get this rootcert.crt file?
    I did this and changed the keystore from cacerts to mycacerts in the java class file:
    sudo keytool -import -alias AUTH_CA -file /etc/ssl/certs/ldap_crt.pem -keystore /usr/lib/j2se/1.4/jre/lib/security/mycacerts
    Then I get this:
    javax.naming.CommunicationException: simple bind failed: subdomain.dyndns.org:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: *No trusted certificate found*]
            at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:198)
            at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2640)
            at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
            at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
            at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
    Edited by: borobudur on May 18, 2008 7:09 AM

    Just a permission problem! Take care that your process can write on the keystore/truststore.

  • Default SSL context init failed:

    Hi All,
    I got this problem in my Web services client. I have installed the correct certificate and jar deployment for the same, but there is no solution for the same.
    So please help us to solve this issue as soon as possible.
    AxisFault
    faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
    faultSubcode:
    faultString: java.net.SocketException: Default SSL context init failed: null
    faultActor:
    faultNode:
    faultDetail:
    {http://xml.apache.org/axis/}stackTrace:java.net.SocketException: Default SSL context init failed: null
    at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:156)
    at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:92)
    at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
    at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
    at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
    at org.apache.axis.client.Call.invoke(Call.java:2767)
    at org.apache.axis.client.Call.invoke(Call.java:2443)
    at org.apache.axis.client.Call.invoke(Call.java:2366)
    at org.apache.axis.client.Call.invoke(Call.java:1812)
    at com.ibm.ivr.webservices.IVRCDBServiceSoapBindingStub.getCustomerProfile(IVRCDBServiceSoapBindingStub.java:442)
    at com.gl.nortel.ivr.service.invoker.cdb.CDBServiceHandler.invokeMobilitySOAPRPCService(CDBServiceHandler.java:269)
    at com.gl.nortel.ivr.service.invoker.cdb.CDBServiceHandler.invokeSOAPRPCService(CDBServiceHandler.java:148)
    at com.gl.nortel.ivr.service.invoker.cdb.CDBStaticServicesInvoker.fetchCustomerProfile(CDBStaticServicesInvoker.java:201)
    at com.gl.nortel.ivr.service.invoker.cdb.CDBStaticServicesInvoker.getCustomerProfile(CDBStaticServicesInvoker.java:102)
    at sun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at com.peri.rnd.jsb.Jsb$MethodCall.invoke(Jsb.java:1054)
    at com.peri.rnd.jsb.Jsb$Client.invokeMethod(Jsb.java:1269)
    at com.peri.rnd.jsb.Jsb$Client.handleSendResource(Jsb.java:1398)
    at com.peri.rnd.jsb.Jsb$Client.run(Jsb.java:1552)
    at java.lang.Thread.run(Thread.java:595)
    {http://xml.apache.org/axis/}hostname:PNQAP22216
    java.net.SocketException: Default SSL context init failed: null
    at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
    at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
    at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
    at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
    at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
    at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
    at org.apache.axis.client.Call.invoke(Call.java:2767)
    at org.apache.axis.client.Call.invoke(Call.java:2443)
    at org.apache.axis.client.Call.invoke(Call.java:2366)
    at org.apache.axis.client.Call.invoke(Call.java:1812)
    at com.ibm.ivr.webservices.IVRCDBServiceSoapBindingStub.getCustomerProfile(IVRCDBServiceSoapBindingStub.java:442)
    at com.gl.nortel.ivr.service.invoker.cdb.CDBServiceHandler.invokeMobilitySOAPRPCService(CDBServiceHandler.java:269)
    at com.gl.nortel.ivr.service.invoker.cdb.CDBServiceHandler.invokeSOAPRPCService(CDBServiceHandler.java:148)
    at com.gl.nortel.ivr.service.invoker.cdb.CDBStaticServicesInvoker.fetchCustomerProfile(CDBStaticServicesInvoker.java:201)
    at com.gl.nortel.ivr.service.invoker.cdb.CDBStaticServicesInvoker.getCustomerProfile(CDBStaticServicesInvoker.java:102)
    at sun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at com.peri.rnd.jsb.Jsb$MethodCall.invoke(Jsb.java:1054)
    at com.peri.rnd.jsb.Jsb$Client.invokeMethod(Jsb.java:1269)
    at com.peri.rnd.jsb.Jsb$Client.handleSendResource(Jsb.java:1398)
    at com.peri.rnd.jsb.Jsb$Client.run(Jsb.java:1552)
    at java.lang.Thread.run(Thread.java:595)
    Caused by: java.net.SocketException: Default SSL context init failed: null
    at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:156)
    at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:92)
    at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
    at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
    at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
    ... 22 more

    Help yourself. Start by doing some proper research. Paste 'java.net.SocketException: Default SSL context init failed: null' into google and see what you get: I did and I got plenty of hits.

  • Default SSL context init failed: DerInputStream.getLength(): lengthTag=109,

    Hi
    I am trying to connect to an https:// url using java (digital certificates) and send an xml file to it and get the response..
    I have server certificate stored in our m/c..and password..
    I am getting following exception ->>>
    Default SSL context init failed: DerInputStream.getLength(): lengthTag=109, too big.
    It is arising from the following line of the code ->
    OutputStream ops = (OutputStream) servletConnection.getOutputStream();
    Could anyone provide me the soln ASAP..its urgent...

    See my reply to http://forum.java.sun.com/thread.jspa?threadID=5245161&tstart=0

  • Package install fails (cannot resolve gpgme)

    I am using the latest netinstall image (2011.08.19)
    When I get to installing packages, I get this error:
    Cannot resolve "gpgme", a dependency of "pacman"

    Never mind, updating the install environment is definitely not working.
    While the install environment updates just like any other already installed arch system, once I get it all up to date, running the install script breaks. /arch/setup starts the install dialog like normal, but when I go to select the first step, I get an error:
    ERROR: ask_checklist makes only sense if you specify at least 1 thing (tag,item and ON/OFF switch)
    after which I get kicked back out to the shell. I'm assuming that something I updated isn't backwards compatible with something in /arch/setup, but that's as far as my knowledge of this goes.
    If anyone else has ideas, I'll give them a shot.

  • Default SSL Context Protocol on Java 1.4.2

    What is the default SSLContext for Java 1.4.2? Specifically, if I use the default SSLSocketFactory, the SSLContext is automatically created behind the scenes. The protocols supported on this version are:
    SSL
    SSLv3
    TLS
    TLSv1
    I am moving away from the default SSLSocketFactory, but am wanting to ensure I am using identical protocols as before.
    Thanks.

    Good question. I thought it was written down somewhere but I can't find it, so I must just put it down to experience. Also, TLS supports SSLv3 by backwards compatibility so this would be the most logical default.

  • SSL Init failed: Keystore was tampered with, or password was incorrect

    Hi all,
    I encountered the following error while I try to get the output stream to write out the content into an HTTPS connection.
    java.net.SocketException: Default SSL context init failed: Keystore was tampered with, or password was incorrect
         at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
         at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
         at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
         at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
    Below is my code to achieve the sending of the content to the HTTPS connection.
    public void sendMessage(Properties headers, byte[] content) throws Exception {
        try {
          addRequestHeaders(headers);
          _conn.setRequestMethod("POST");
          _conn.setDoInput(true);
          _conn.setDoOutput(true);
          OutputStream os = _conn.getOutputStream();//this line lead to the exception
          os.write(content);
          _respCode = _conn.getResponseCode();
          _respMsg = _conn.getResponseMessage();
        } catch (IOException ex) {
          throw ex;
        }
    }
    Because the server is deployed in a clustered env, I have put the truststore and keystore in a shared folder which the nodes are allowed to access. Thus in my code I have set the truststore, keystore location and the truststore, keystore password in the System properties as follows.
          System.setProperty("javax.net.ssl.keyStore", getKeyStore());
          System.setProperty("javax.net.ssl.keyStorePassword", getKeyStorePass());
          System.setProperty("javax.net.ssl.trustStore", getTrustStore());
          System.setProperty("javax.net.ssl.trustStorePassword", getTrustStore());
    The getKeyStore() and getTrustStore() will return the path to the shared folder which contains the truststore/keystore respectively.
    The keystore tampered error only happens intermittently. I am sure that my keystore and truststore password is set correctly.
    Could I know that is the keystore designed in a way that it can be accessed by multiple thread? will there be any file locking on the keystore while two thread trying to init the HTTPS and eventually cause the keystore tampered problem?
    Thanks

    In my case, I am certain that all fields are correct, because the code works half the time. The thing is my code is running inside Tomcat (as a servlet); I am noticing that whenever I update my Jar with any code change and restart Tomcat, I am hitting this issue intermittently. Another update-and-restart sometimes solves the problem & my connection establishment is successful.
    There are 2 key things I would like to know:
    1) Difference b/w the exception messages "Keystore was tampered with, or password was incorrect" and "failed to decrypt safe contents entry".
    2) Whether any caching is going on because of Tomcat being in the picture (although I am not at all sure why this should happen).
    Would love to get through with this ASAP. Please let me know your thoughts if any.
    Thanks,
    Vivek

  • Cannot access to any site with ssl connection and fail to open safari and keychain, unless restart computer and login in with Guest account.

    when Update to 10.7.2 ,I cannot access to any site with ssl connection and fail to open safari and keychain, unless restart computer and login in with Guest account.
    OS:10.7.2
    Macbook Pro 2010-mid 13inch

    I also have the same problem, however if I use Firefox or Opera sites with ssl connection work fine. Still, I can't use Google Chrome (ssl), Safari (ssl), the Mac app store (generally), or the iTunes store (generally). Both the iTunes store, Safari and the app store won't respond, and Chrome displays this error: (net::ERR_TIMED_OUT). The problem persists regardless of what network I'm using. Also, when trying to access the keychain or iCloud, the process will not start (will hang). I didn't have these problems at all before updating to 10.7.2.
    Sometimes rebooting helps, and sometimes not. If the problem disappears by rebooting, then it only lasts a few minutes before it reappears. It is very frustrating, especially since there doesn't seem to be any obvious or consistent way of which to fix it.
    I'm also using a Macbook Pro 13-inch mid 2010.

  • TNS-03505: Failed to resolve name .. cannot connect using TCPS on 2484

    Hello All,
    Am fighting for last few hours on this.. cannot tnsping over TCPS using secured port 2484. Need to get the wallet working..
    The tnsnames.ora file..
    ==============
    webserver:/vol01/app/oracle/product/10.2.0/network/admin> cat tnsnames.ora
    GMACPREPROD =
    (DESCRIPTION =
    (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 10.59.100.253)(PORT = 1521))
    (CONNECT_DATA =
    (SID = GWH22)
    GMACPP =
    (DESCRIPTION =
    (ADDRESS_LIST =
    (ADDRESS = (PROTOCOL = TCPS)(HOST = 10.59.100.253)(PORT = 2484)))
    (CONNECT_DATA = (SID = GWH22))
    The sqlnet.ora..
    ==========
    webserver:/vol01/app/oracle/product/10.2.0/network/admin> cat sqlnet.ora
    # sqlnet.ora Network Configuration File: /vol01/app/oracle/product/10.2.0/network/admin/sqlnet.ora
    # Generated by Oracle configuration tools.
    #NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
    SQLNET.AUTHENTICATION_SERVICES=(TCPS,NTS)
    SSL_CLIENT_AUTHENTICATION = FALSE
    WALLET_LOCATION =
    (SOURCE =
    (METHOD = FILE)
    (METHOD_DATA = (DIRECTORY = /usr/local/oracle/client_wallet))
    SSL_CIPHER_SUITES= (SSL_RSA_WITH_AES_128_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA)
    The Tnspings to these two TNS-entries.. as per Tnsnames.ora file..
    =========================================
    webserver:/vol01/app/oracle/product/10.2.0/network/admin> tnsping GMACPREPROD
    TNS Ping Utility for Solaris: Version 10.2.0.4.0 - Production on 08-AUG-2011 12:10:22
    Copyright (c) 1997, 2007, Oracle. All rights reserved.
    Used parameter files:
    /vol01/app/oracle/product/10.2.0/network/admin/sqlnet.ora
    Used TNSNAMES adapter to resolve the alias
    Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.59.100.253)(PORT = 1521))) (CONNECT_DATA = (SID = GWH22)))
    OK (10 msec)
    webserver:/vol01/app/oracle/product/10.2.0/network/admin> tnsping GMACPP
    TNS Ping Utility for Solaris: Version 10.2.0.4.0 - Production on 08-AUG-2011 12:09:58
    Copyright (c) 1997, 2007, Oracle. All rights reserved.
    Used parameter files:
    /vol01/app/oracle/product/10.2.0/network/admin/sqlnet.ora
    TNS-03505: Failed to resolve name
    Now the directory contents of the wallet..
    webserver:/vol01/local/oracle> ls -ltr
    total 58
    drwxr-xr-x 2 oracle dba 512 Apr 11 16:35 client_wallet
    drwxr-xr-x 3 oracle dba 512 Jul 12 06:06 product
    -rwxrwxr-x 1 oracle dba 27648 Aug 4 08:16 server_wallet.tar
    webserver:/vol01/local/oracle> ls -lrt client_wallet
    total 48
    -rwxr--r-- 1 oracle dba 422 Apr 6 11:55 server_ca_usplgmacdb001.cert
    -rw-r--r-- 1 oracle dba 322 Apr 6 11:56 server_wallet.info
    -rw-r--r-- 1 oracle dba 423 Apr 6 16:41 steve_client_ca.cert
    -rwxr-xr-x 1 oracle dba 609 Apr 11 16:35 bzbbd3.cert
    -rw------- 1 oracle dba 10181 Apr 11 16:37 ewallet.p12
    -rw------- 1 oracle dba 10210 Apr 11 16:37 cwallet.sso
    Am still groping in the dark.. please help.. am I missing anything?
    Best Regards,
    Abhijit

    Hi,
    Thanks for your reply..
    Nope.. just had set earlier $ORACLE_HOME and added the $ORACLE_HOME/bin into the $PATH. So I will set up TNS_ADMIN in the oracle user environment.. is that all I need to do?
    Don't have any access to the server environment as I have to work through a shared desktop (taking control) :(
    Regards,
    Abhijit

  • SSL: how to use Multiple Private key/Certificate pair for authentication.

    Hi all,
    I am implementing SSL in Java using an X509 certificate/private key combination.
    I have two sets of private key/certificate pairs.
    One is factory default and the other is generated at run time.
    My problem is to try an SSL connection with both pairs on the same TCP/IP connection.
    E.g. on the server side: first try the SSL connection with the factory default certificate; if it fails, try connecting with the generated certificate on the same TCP/IP connection.
    On the client side: if the generated certificate (this certificate was generated at the server side) is present, first perform server authentication using this certificate; otherwise authenticate the server with the factory default certificate.
    Can someone please help and let me know how I need to configure both ends (client and server) to achieve this?
    Thanks In Advance
    Saurabh Ahuja

    "Client code does not contain any default truststore and needs a certificate for authentication."
    Of course it does. OpenSSL has a way of doing that: some kind of equivalent for the truststore. None of the stuff you've posted here about generating certificates at runtime has any bearing on that problem.
    It's like this. The idea of PKI with SSL is as follows:
    - the server has a private key and a signed certificate. Preferably it's signed by a CA that the client already trusts, otherwise if it's self-signed it has to be exported from the server's keystore and imported into the truststores of all the clients.
    - the client has a truststore that trusts the server, one way or the other, see above.
    - the server's private key is private to it. Nobody else has it. Nobody else can ever get it. If it ever leaks, the server is compromised, and server authentication via that private key now means absolutely nothing. You have lost security.
    - the server sends its cert to the client along with a digital signature signed by its private key.
    - the client (a) decides whether it trusts the cert, via its truststore, and (b) verifies the digital signature, which establishes that the server owns the certificate.
    At this point the server is authenticated to the client and the SSL connection is open. It can now be used as an ordinary socket connection.
    If you want client authentication too, you need all the above in reverse as well, i.e. reading server for client and client for server throughout. Note particularly that each client must have its own private key. Otherwise the private key isn't private, so signing something with it doesn't establish ownership, so client authentication isn't valid.
    You need to understand all this stuff and relate it to the apparently broken security design of your application. Generating a private key and a certificate at runtime is complete nonsense within the context of PKI and SSL. It proves nothing, establishes nothing, authenticates nothing; it just wastes time.
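
The two client-side checks described in the reply above, (a) trust and (b) proof of ownership, as an added example that is not part of the original thread. It is a simplified model: a bare RSA public key stands in for the certificate, a `Set` stands in for the truststore, and a random challenge stands in for the handshake data that real SSL/TLS signs; the class and method names are hypothetical.

```java
import java.security.*;
import java.util.*;

public class ServerAuthModel {
    // Stand-in for the client's truststore: encodings of the public keys it trusts.
    static final Set<String> trustStore = new HashSet<>();

    static String id(PublicKey k) {
        return Base64.getEncoder().encodeToString(k.getEncoded());
    }

    // Server side: prove ownership of the key by signing the client's fresh challenge.
    static byte[] sign(PrivateKey key, byte[] challenge) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(challenge);
        return s.sign();
    }

    // Client side: (a) is the presented key trusted, (b) does the signature verify under it.
    static String check(PublicKey presented, byte[] challenge, byte[] sig)
            throws GeneralSecurityException {
        if (!trustStore.contains(id(presented))) return "REJECT: not in truststore";
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(presented);
        v.update(challenge);
        return v.verify(sig) ? "ACCEPT" : "REJECT: signature does not prove ownership";
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair server = gen.generateKeyPair();    // long-lived server identity
        KeyPair runtime = gen.generateKeyPair();   // key pair generated at run time
        KeyPair impostor = gen.generateKeyPair();  // party without the server's private key
        trustStore.add(id(server.getPublic()));    // exported once, imported by the client

        byte[] challenge = new byte[32];
        new SecureRandom().nextBytes(challenge);

        // Trusted key, signed by its owner.
        System.out.println(check(server.getPublic(), challenge,
                sign(server.getPrivate(), challenge)));
        // Runtime-generated key: the signature is valid, but the client never learned to trust it.
        System.out.println(check(runtime.getPublic(), challenge,
                sign(runtime.getPrivate(), challenge)));
        // Trusted key presented by someone who does not hold the matching private key.
        System.out.println(check(server.getPublic(), challenge,
                sign(impostor.getPrivate(), challenge)));
    }
}
```

Only the first case is accepted; the second fails check (a) and the third fails check (b).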

Maybe you are looking for