Default SSL context init failed: Invalid keystore format
Hi, I can't connect to my ldap server. The problem is ssl. I'm trying to do this:
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.LdapContext;
public class TestAuthentifikation {
public static void main (String [] args) throws IOException {
try {
Hashtable env = new Hashtable();
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldaps://subdomain.dyndns.org:636/");
env.put(Context.SECURITY_PRINCIPAL, "uid=user,ou=users,dc=subdomain,dc=dyndns,dc=org");
env.put(Context.SECURITY_CREDENTIALS, "passwd");
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PROTOCOL, "ssl");
java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
System.setProperty("javax.net.ssl.keyStore", "/usr/lib/j2se/1.4/jre/lib/security/cacerts");
System.setProperty("javax.net.ssl.trustStore","/usr/lib/j2se/1.4/jre/lib/security/cacerts");
env.put(LdapContext.CONTROL_FACTORIES, "com.sun.jndi.ldap.ControlFactory");
DirContext ctx = new InitialDirContext(env);
//use ctx....
// Close the context when we're done
ctx.close();
catch(NamingException ne) {
System.err.println(ne);
ne.printStackTrace();
}The exception is this:
javax.naming.CommunicationException: subdomain.dyndns.org:636 [Root exception is java.net.SocketException: Default SSL context init failed: Invalid keystore format]
at com.sun.jndi.ldap.Connection.<init>(Connection.java:194)
at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:119)
at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1668)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2599)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)On the server I have created this ldap_crt.pem file:
openssl req -x509 -days 3650 -newkey rsa:2048 -nodes -keyout ldap_key.pem -keyform PEM -out ldap_crt.pem -outform PEMwhich sits on the clients /etc/ssl/certs directory. Like this I can connect with a ldap browser to the server.
I should do something like this:
keytool -import -alias AUTH_CA -file rootcert.crt -keystore /usr/lib/j2se/1.4/jre/lib/security/cacertsHow do I get this rootcert.crt file?
I did this and changed the keystore from cacerts to mycacerts in the java class file:
sudo keytool -import -alias AUTH_CA -file /etc/ssl/certs/ldap_crt.pem -keystore /usr/lib/j2se/1.4/jre/lib/security/mycacertsThen I get this:
javax.naming.CommunicationException: simple bind failed: subdomain.dyndns.org:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: *No trusted certificate found*]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:198)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2640)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
Edited by: borobudur on May 18, 2008 7:09 AM
Just a permission problem! Take care that your process can write on the keystore/truststore.
Similar Messages
-
SSL - Default SSL context init failed: null - need help with code
Hi!
Once Again I have problems with SSL.
I read something about SSL here:
http://www.javaalmanac.com/egs/javax.net.ssl/Server.html
Now I tried to test this stuff, that resulted in this program (I simply tried to put the SSL stuff from the above code in a small skeleton):
import java.io.*;
import java.net.*;
import java.security.*;
import javax.net.ssl.*;
import javax.net.*;
public class MyServer
public static void main(String arguments[])
try
int port = 443;
ServerSocketFactory ssocketFactory = SSLServerSocketFactory.getDefault();
ServerSocket ssocket = ssocketFactory.createServerSocket(port);
// Listen for connections
Socket socket = ssocket.accept();
System.out.println("Connected successfully");
// Create streams to securely send and receive data to the client
InputStream in = socket.getInputStream();
OutputStream out = socket.getOutputStream();
// Read from in and write to out...
// Close the socket
in.close();
out.close();
catch(IOException e)
System.out.println("GetMessage() = "+e.getMessage());
e.printStackTrace();
} Now I compiled this stuff with : 'javac MyServer.java' - there were no errors. After this I run the program
with the following command (also taken from java almanac):
'java -Djavax.net.ssl.keyStore=mySrvKeystore -Djavax.net.ssl.keyStorePassword=123456 MyServer'
But if I run it, it reports:
"GetMessage() = Default SSL context init failed: null
java.net.SocketException: Default SSL context init failed: null
at javax.net.ssl.DefaultSSLServerSocketFactory.createServerSocket(Dasho
6275)
at MyServer.main(MyServer.java:15)"
createServerSocket() seems to be the wrong line, but what is wrong with it.
Is there any mistake in my code ?
Btw. I created my keystore etc. according to the instructions at
http://forum.java.sun.com/thread.jsp?forum=2&thread=528092&tstart=0&trange=15
Any help appreciated
Greets
dancing_coderI got this error last week.
The problem was that the keystore I was pointing to, was in other location, so it could not initialize the default context.
I had defined ...
String CLIENT_CERTIFPATH = getParam("client.certificate.path", "/users/pridas/myKeystoreFile");
// getParam extracts the location of the keystore from a text file which contains some configuration parameters. The default value will be /users/pridas/myKeystoreFile
In my case, I will try to develop a secure SOAP conexion using certificates.
Before to try the conexion, I defined ...
System.setProperty("javax.net.ssl.trustStore", CLIENT_CERTIFPATH);
System.setProperty("javax.net.ssl.keyStore", CLIENT_CERTIFPATH);
... and the problem when I got this error ... the keystore file was not in the correct location.
That was how I resolved this error.
I hope everybody will be oriented about this kind of errors.
Salu2. -
Default SSL context init failed: jks
Hello to all.
This is my first post in the Sun forums. I am a C++ programmer migrating to Java.
I am writting a SSL client that connects to my SSL-speaking daemon. The code I am
trying is from examples across the internet:
---CODE BEGINS---
import javax.net.ssl.*;
import javax.net.*;
import java.net.*;
import java.io.*;
public class FirstClass {
public static void main(String[] args) {
FirstClass firstClass1 = new FirstClass();
try {
int port = 4433;
String hostname = "localhost";
SocketFactory socketFactory = SSLSocketFactory.getDefault();
Socket socket = socketFactory.createSocket(hostname, port);
// Create streams to securely send and receive data to the server
InputStream in = socket.getInputStream();
OutputStream out = socket.getOutputStream();
// Read from in and write to out...
// Close the socket
in.close();
out.close();
} catch(IOException e) {
System.out.println("Exception: " + e.getMessage());
---CODE ENDS---
Everything goes okay in the build process, the problem is like the topic says a problem
with the creatinon of the SSL context. Also, I run it with the appropriate params as in:
---CMD BEGINS---
java \
-Djavax.net.debug=ssl \
-Djavax.net.ssl.keyStore=serverKeyStore \
-Djavax.net.ssl.keyPassword=123456 \
MySSLExample
---CMD ENDS---
I have the serverKeyStore that I created with keytool and the password is
really 123456 (tuff one, huh?). The output is:
---OUTPUT BEGINS---
keyStore is : serverKeyStore
keyStore type is : jks
init keystore
default context init failed: java.security.KeyStoreException: jks
Exception: Default SSL context init failed: jks
---OUTPUT ENDS---
I really don't care for trusting the certificates, I only want some kind of encryption
on the data channels (in/out) so I could ignore the verification of the certificates.
I also found someone on a forum that asked the same I am now, but he latter posted
that he found the solution and left... with no solution posted.
Thanks for any help out there,
Rodrigo MaderaTry
-Djavax.net.ssl.keyStorePassword=123456
instead of
-Djavax.net.ssl.keyPassword=123456 -
Default SSL context init failed: null
Hi all,
I am trying to open a SSL connection from a tomcat server (called it TC1) that locate within a DMZ to the other tomcat server (called it TC2) which is located in external network.
I got the following in the TC1 system.out,
WARNING: Servlet.service() for servlet HelloWorld threw exception
java.net.SocketException: Default SSL context init failed: null
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect
(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Sou
rce)
at HelloWorld.doGet(HelloWorld.java:20)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:252)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:173)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
alve.java:214)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
alve.java:178)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
ava:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
ve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
a:148)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java
:825)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.proce
ssConnection(Http11Protocol.java:738)
at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpo
int.java:526)
at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFol
lowerWorkerThread.java:80)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP
ool.java:684)
at java.lang.Thread.run(Unknown Source)
Here is the servlet i place in TC1 which open a SSL connection to TC2.
import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.net.URL;
import java.net.URLConnection;
public class HelloWorld extends HttpServlet {
public void doGet(HttpServletRequest request,HttpServletResponse response) throws ServletException, IOException {
PrintWriter out = response.getWriter();
out.println("Hello World");
URL url = new URL("https://154.123.23.10:8443");
URLConnection con = url.openConnection();
con.connect();
}I have used java keytool to generate a self-signed cert and also a keystore in TC2. Below is the Connector element of the server.xml of TC2
<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
keystoreFile="C:\program files\Tomcat 5.5.7\keystore\.keystore"/>
I also imported the self-signed cert into the truststore of machine which host the TC1. The place i store the self-signed cert of TC2 is jre_home\lib\security\cacerts
Does anyone know how to resolve the exception "java.net.SocketException: Default SSL context init failed: null" I mentioned above?
Thanks for your help
FengI had the same problem (tomcat was acting as an axis client), I resolved it by adding -Djavax.net.debug=all to my CATALINA_OPTS in the startup-skript
=> Then I got the message, that the keystrore/truststore could not be found.
That was the problem - and now the context null is gone ;)
CATALINA_OPTS=-Djavax.net.ssl.trustStore=ABSOLUTE_LOCATION_TO_TRUSTSTORE -Djavax.net.ssl.keyStore=ABSOLUTE_LOCATION_TO_KEYSTORE -Djavax.net.ssl.keyStorePassword=********
-Djavax.net.ssl.keyStoreType=jks
-Djava.protocol.handler.pkgs=javax.net.ssl
-Djavax.net.debug=allGood luck !
SuCkerD -
Default SSL context init failed:
Hi All,
i got this problem in my Web services client, i have installed correct certificate and jar deployment for the same. but there is no solution for the same.
so please help us to solve this issue as soon as possible.
AxisFault
faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
faultSubcode:
faultString: java.net.SocketException: Default SSL context init failed: null
faultActor:
faultNode:
faultDetail:
{http://xml.apache.org/axis/}stackTrace:java.net.SocketException: Default SSL context init failed: null
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:156)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:92)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at com.ibm.ivr.webservices.IVRCDBServiceSoapBindingStub.getCustomerProfile(IVRCDBServiceSoapBindingStub.java:442)
at com.gl.nortel.ivr.service.invoker.cdb.CDBServiceHandler.invokeMobilitySOAPRPCService(CDBServiceHandler.java:269)
at com.gl.nortel.ivr.service.invoker.cdb.CDBServiceHandler.invokeSOAPRPCService(CDBServiceHandler.java:148)
at com.gl.nortel.ivr.service.invoker.cdb.CDBStaticServicesInvoker.fetchCustomerProfile(CDBStaticServicesInvoker.java:201)
at com.gl.nortel.ivr.service.invoker.cdb.CDBStaticServicesInvoker.getCustomerProfile(CDBStaticServicesInvoker.java:102)
at sun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.peri.rnd.jsb.Jsb$MethodCall.invoke(Jsb.java:1054)
at com.peri.rnd.jsb.Jsb$Client.invokeMethod(Jsb.java:1269)
at com.peri.rnd.jsb.Jsb$Client.handleSendResource(Jsb.java:1398)
at com.peri.rnd.jsb.Jsb$Client.run(Jsb.java:1552)
at java.lang.Thread.run(Thread.java:595)
{http://xml.apache.org/axis/}hostname:PNQAP22216
java.net.SocketException: Default SSL context init failed: null
at org.apache.axis.AxisFault.makeFault(AxisFault.java:101)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:154)
at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
at org.apache.axis.client.Call.invoke(Call.java:2767)
at org.apache.axis.client.Call.invoke(Call.java:2443)
at org.apache.axis.client.Call.invoke(Call.java:2366)
at org.apache.axis.client.Call.invoke(Call.java:1812)
at com.ibm.ivr.webservices.IVRCDBServiceSoapBindingStub.getCustomerProfile(IVRCDBServiceSoapBindingStub.java:442)
at com.gl.nortel.ivr.service.invoker.cdb.CDBServiceHandler.invokeMobilitySOAPRPCService(CDBServiceHandler.java:269)
at com.gl.nortel.ivr.service.invoker.cdb.CDBServiceHandler.invokeSOAPRPCService(CDBServiceHandler.java:148)
at com.gl.nortel.ivr.service.invoker.cdb.CDBStaticServicesInvoker.fetchCustomerProfile(CDBStaticServicesInvoker.java:201)
at com.gl.nortel.ivr.service.invoker.cdb.CDBStaticServicesInvoker.getCustomerProfile(CDBStaticServicesInvoker.java:102)
at sun.reflect.GeneratedMethodAccessor41.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.peri.rnd.jsb.Jsb$MethodCall.invoke(Jsb.java:1054)
at com.peri.rnd.jsb.Jsb$Client.invokeMethod(Jsb.java:1269)
at com.peri.rnd.jsb.Jsb$Client.handleSendResource(Jsb.java:1398)
at com.peri.rnd.jsb.Jsb$Client.run(Jsb.java:1552)
at java.lang.Thread.run(Thread.java:595)
Caused by: java.net.SocketException: Default SSL context init failed: null
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:156)
at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:92)
at org.apache.axis.transport.http.HTTPSender.getSocket(HTTPSender.java:191)
at org.apache.axis.transport.http.HTTPSender.writeToSocket(HTTPSender.java:404)
at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:138)
... 22 moreHelp yourself. Start by doing some proper research. Paste 'java.net.SocketException: Default SSL context init failed: null' into google and see what you get: I did and I got plenty of hits.
-
Default SSL context init failed: DerInputStream.getLength(): lengthTag=109,
Hi
I am trying to connect to an https:// url using java (digital certificates) and send an xml file to it and get the response..
I have server certificate stored in our m/c..and password..
I am getting following exception ->>>
Default SSL context init failed: DerInputStream.getLength(): lengthTag=109, too big.
It is arising from the following line of the code ->
OutputStream ops = (OutputStream) servletConnection.getOutputStream();
Could anyone provide me the soln ASAP..its urgent...See my reply to http://forum.java.sun.com/thread.jspa?threadID=5245161&tstart=0
-
Default ssl context init failed: Cannot resolve key
Hi, I get this SSL Exception when I try to run my server using
ssl socket:
"default ssl context init failed: Cannot resolve key"
it is thrown at this line: "sslServerFactory.createServerSocket(port)"
I created a kestore and trustore files using 'keytool' and the step by step from the Jsse reference guide:
http://java.sun.com/j2se/1.4/docs/guide/security/jsse/JSSERefGuide.html#CreateKeystore
why do I get this exception and how to solve it, thank you.
YvesSSL error messages are sometimes cryptic.
Set:
System.getProperties().put("javax.net.debug","all");to really see what is happening.
Cheers'
Kullervo -
Problem in running j2ee programs with SSL: SSL context init failed : cannot
Hi,
I am just trying to run some servlet program that creates some SSL socket to communicate with a server. I have configured my java.security file but when i run my rpogram i get this error
SSL context init failed : cannot recover key.i am using SunJSSE provider
Plz help me and i am confused as in how to enable jsse in my sun java system app server platform edition.
Waiting for ur replies!
Thanks,
AkshathaI got this error last week.
The problem was that the keystore I was pointing to, was in other location, so it could not initialize the default context.
I had defined ...
String CLIENT_CERTIFPATH = getParam("client.certificate.path", "/users/pridas/myKeystoreFile");
// getParam extracts the location of the keystore from a text file which contains some configuration parameters. The default value will be /users/pridas/myKeystoreFile
In my case, I will try to develop a secure SOAP conexion using certificates.
Before to try the conexion, I defined ...
System.setProperty("javax.net.ssl.trustStore", CLIENT_CERTIFPATH);
System.setProperty("javax.net.ssl.keyStore", CLIENT_CERTIFPATH);
... and the problem when I got this error ... the keystore file was not in the correct location.
That was how I resolved this error.
I hope everybody will be oriented about this kind of errors.
Salu2. -
Error- isDefault SSL context init failed : Cannot recover key
Hi,
We are trying to run a sample HTTPS request from client to Server using SSL.
Below is the the code we used to run Client program which will communicate with HTTPS server (Server Socket which will accept connections)
Basically we created a server certificate inside Https server program and that will be exported and imported into Client directory.
Finally when we run below client program means its giving below error
Error- isDefault SSL context init failed : Cannot recover key
Can anybody please help me to run this program successfully?If we you give some basic steps to check the settings what needs to be set before running this program.?
Client Program
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider() );
System.setProperty("javax.net.ssl.keyStore", "D:\\JavaR&D\\Rajiv\\server\\serverkeys");
System.setProperty("javax.net.ssl.keyStoreType" ,"JKS"); /* ,"pkcs12" */
System.setProperty("javax.net.ssl.keyStorePassword","welcome");
System.setProperty("javax.net.ssl.trustStore" , "C:\\j2sdk1.5.0\\jre\\lib\\security\\cacerts");
System.setProperty("javax.net.ssl.trustStorePassword" , "clientpass");
System.setProperty("javax.net.ssl.trustStoreType","JKS"); /* ,"pkcs12" */
System.setProperty("java.protocol.handler.pkgs" ,"com.sun.net.ssl.internal.www.protocol");
com.sun.net.ssl.HostnameVerifier hv=new com.sun.net.ssl.HostnameVerifier() {
public boolean verify(String urlHostname, String certHostname) {
System.out.println("urlHostname >>" + urlHostname +"<<");
System.out.println("certHostname >>" + certHostname +"<<");
System.out.println("WARNING: Hostname is not matched for cert.");
return true;
com.sun.net.ssl.HttpsURLConnection.setDefaultHostnameVerifier(hv);
SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();
// server = (SSLServerSocket) factory.createServerSocket(portNumber);
System.out.println("above socketcreation");
SSLSocket socket = (SSLSocket)factory.createSocket("172.16.56.227",8443);
Server ProgramIs there some kind of timeline that I can expect 8.1 to ship in?
I appreciate being informed that this is a known issue and all, but without giving me a timeframe to expect a fix in, how can you possibly expect me to continue to pursue your products as viable options?
To tell me to wait for 8.1, without giving me a timeframe or any further details is simply put in one word. Amatuer.
What kind of response is this? What am I supposed to tell my supervisor? How am I supposed to explain to upper management that the application server they're telling us to use is incapable of handling the use cases our business functions require? What do you want me to do, tell them to wait for the next release without being able to give them a ballpark figure? We're a small team, us Java guys. We've already invested months is moving to a new platform. Now that platform is failing us, and the vendor hasn't got any better response than, "Oh yeah, our bad. We'll fix it next time... whenever that is..."
If 8.1 is as half-baked as 8.0 is (BTW your deploytool is a broken piece of junk. I can reliably crash the thing in under 10 seconds) then I don't have a lot of hope for 8.1. You can bet I sure as heck won't be holding my breath for it.
Looks like it's time to investigate the other vendors that support J2EE 1.4. Something tells me I'll have better luck with WebSphere. The hard part there will be selling managment on the idea. At least IBM is notoriously forward with their clients, even if they are expensive.
All I'm asking for now is a timeframe for 8.1. When can we expect it? If it's before I expect to -have- to have this stuff in production I may be able to wait... but at this point, I'm disgruntled enough to not bother.
Maybe we should investigate moving to .net. At least then when the vendor screws me I'll be expecting it. -
Got 'Invalid keystore format' when trying to set up an SSL connection
Hello,
On Windows XP, JDK1.5_13:
I build a library module that can create an https connection supplying a certificate in a truststore. Used Apaches HttpClient 3.1 and the httpclient contrib library. To test this I used Tomcat, enabled SSL and added a keystore with certificate. I used a browser with the https url to get the certificate, stored it trusted in a keystore and tested the library with that keystore. This worked fine. The keystore was loaded and the connection established (even without supplying the keystore password).
Now I moved the library as is to a (RedHat) Linux machine, with JDK1.5_01. When I run the same test on this machine, I got the following stack trace:
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:632)
at java.security.KeyStore.load(KeyStore.java:1150)
at org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory.createKeyStore(AuthSSLProtocolSocketFactory.java:222)
at org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory.createSSLContext(AuthSSLProtocolSocketFactory.java:292)
at org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory.getSSLContext(AuthSSLProtocolSocketFactory.java:331)
at org.apache.commons.httpclient.contrib.ssl.AuthSSLProtocolSocketFactory.createSocket(AuthSSLProtocolSocketFactory.java:368)
at org.apache.commons.httpclient.HttpConnection.open(HttpConnection.java:707)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:387)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
I dug up the JavaKeyStore.engineLoad source and found that it trips over the next piece of code, where stream is the InputStream for the keystore file and password is the password for the keystore file.
if (password != null) {
md = getPreKeyedHash(password);
dis = new DataInputStream(new DigestInputStream(stream, md));
} else {
dis = new DataInputStream(stream);
// Body format: see store method
int xMagic = dis.readInt();
int xVersion = dis.readInt();
if (xMagic!=0xfeedfeed ||
(xVersion!=0x01 && xVersion!=0x02)) {
throw new IOException("Invalid keystore format");
Tried to use JDK1.5_15 on Linux machine, but got the same result.
Can anyone tell me why it works on a windows machine, and not on a linux machine and/or what I can do to get it working?
Regards,
FrankI can only guess that the keystore file was corrupted when you copied it onto the Linux system. Check the first 8 bytes of the keystore file with a hex editor or viewer. They should be (in hex) fe ed fe ed 00 00 00 0z, where z is either 1 or 2.
In Linux, you can use the od command, e.g. od -t x1 keystorefile | head -1 should display the first 16 bytes of the file. -
we need to configure an SSO from SAP portal and a third party website by passing encrypted userid as url parameters.
To configure the SSO I have received the public key of the third party and able to access it from server location. Now I have to access priavte key of the SAP Portal certificate and sign the UserId and pass it as url parameter. I have gone through many blogs and written code as below which is giving Invalid Keystore Format error.
My question is
1. What should be passed to FileInputStream?
As of now we are passing the .cer file which is stored as part of project.
Below code is throwing error at ks.load() method.
String fielPath1 = request.getPublicResourcePath()+"/SAPLogonTicketKeypair-cert1.cer";
FileInputStream ksfis = new FileInputStream(fielPath1);
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(null, sPass.toCharArray());
BufferedInputStream ksbufin = new BufferedInputStream(ksfis);
ks.load(ksbufin, sPass.toCharArray());
PrivateKey priv = (PrivateKey) ks.getKey(alias, kPass.toCharArray());
Error is:
Invalid keystore formatsun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:633)sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)java.security.KeyStore.load(KeyStore.java:1185)am_sso_apc.doContent(am_sso_apc.java:132)com.sapportals.portal.prt.component.AbstractPortalComponent.serviceDeprecated(AbstractPortalComponent.java:213)
Please let me know how to pass the filepath to extract the priavte key .
Regards,
SatishI found the solution. As follows:
keytool -list -keytool keytoolfile -storetype jceks -
Ava.io.IOException: Invalid keystore format
Hi;
I am getting the following error while launching my applet through browser.
I have modified my java version from 1.4.2_08 to 1.5.0.10.
java.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
at java.security.KeyStore.load(Unknown Source)
at com.sun.deploy.security.DeploySigningCertStore$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeploySigningCertStore.load(Unknown Source)
at com.sun.deploy.security.DeploySigningCertStore.load(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at sun.plugin.security.PluginClassLoader.getPermissions(Unknown Source)
at java.security.SecureClassLoader.getProtectionDomain(Unknown Source)
at java.security.SecureClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.access$100(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at sun.applet.AppletClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadCode(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)Please help me.what should be a problem for that.I think that I am on to something. I deleted all the files in this directory:
C:\Users\<username>\AppData\LocalLow\Sun\Java\Deployment\security
This seems to resolve the problem with the invalid keystore (is a new one created?). Do not know yet if it has some unwanted side effects, but jeg jvm seems to start normally. -
I have a Java applet (called PALS) that was developed with version 1.5 update 7. It has been signed with a digital certificate from Thawte. Recently a customer had her Windows XP machine re-imaged, and that image comes with the Java 6 JRE. Others have had this done and were still able to run my applet, but she gets an error message that complains about an "invalid keystore format."
I tried going into the Java Console and removing the user's PALS certificate, but it also complains about the keystore format. I then tried just removing Java 6 and installing Java 5, hoping that that would would clear things up, but she gets the same error.
Am I correct that when a user runs my applet the certificate is read from the JAR file and placed in a keystore on their machine? If the keystore has the wrong format, can I just delete it, and where is that file? I thought it was supposed to have the name .keystore but I can't find that anywhere.That was where I was expecting to find it, but it's not there. On a machine that hasn't been corrupted like my customer's, I can open up the Java Control Panel, go to the Security tab, click on certificates, and see the certificate that was used to sign the JAR file, but I don't have a .keystore file.
If it hasn't saved it in a file, where did it put it?
Thanks for your reply. -
Java.io.IOException: Invalid keystore format
Getting this invalid keystore format when trying to enter a secure website that run java. Tried to re-install several times and several versions of JRE... NtWebTellerApplet.
This is running on a Vista Ultimate x64 with Q6600 and 8 gigs of RAM. Even tried to get the support on that site to remote help.. No luck in that either.
ava.io.IOException: Invalid keystore format
at sun.security.provider.JavaKeyStore.engineLoad(Unknown Source)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(Unknown Source)
at java.security.KeyStore.load(Unknown Source)
at com.sun.deploy.security.DeploySigningCertStore$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.deploy.security.DeploySigningCertStore.loadCertStore(Unknown Source)
at com.sun.deploy.security.DeploySigningCertStore.load(Unknown Source)
at com.sun.deploy.security.DeploySigningCertStore.load(Unknown Source)
at com.sun.deploy.security.ImmutableCertStore.load(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at com.sun.deploy.security.TrustDecider.isAllPermissionGranted(Unknown Source)
at sun.plugin.security.PluginClassLoader.getPermissions(Unknown Source)
at java.security.SecureClassLoader.getProtectionDomain(Unknown Source)
at java.security.SecureClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.defineClass(Unknown Source)
at java.net.URLClassLoader.access$000(Unknown Source)
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at sun.applet.AppletClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadCode(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)I think that I am on to something. I deleted all the files in this directory:
C:\Users\<username>\AppData\LocalLow\Sun\Java\Deployment\security
This seems to resolve the problem with the invalid keystore (is a new one created?). Do not know yet if it has some unwanted side effects, but jeg jvm seems to start normally. -
"Invalid Keystore Format" with Java Web Start
I got a user with a "invalid keystore format" problem He's running Windows XP and it happens when our java webstart application is starting up. He had a mix of java 5 and java 6.
We uninstalled all his javas and deleted his c:\program files\java\jre6\lib\security\cacerts file as suggest by my company's support people and reinstalled java 6 U 22 and he still has the problem.
The other users don't have a problem.
How do we get our java web start application on work for him? It a java application and not a java applet.
He got a new Dell laptop a couple of months ago and it has never worked for him. That model of laptop works for other users.the jar containing the native lib (win32com.dll) needed to be under the <nativelib> tag in the jnlp rather than <jar> .. duh!
fixing that solved the problem :)
Maybe you are looking for
-
Request for example KM content structure
I am looking for an example of an existing portal structure as we speak about the KM folder structure and KM content area. Any example is valuable and helps me thinking in the right direction for developing our own structure for the brand new global
-
Can R12.1.3 and R11.5.10 be installed on the same server?
Hello there, We are currently running Oracle eBiz R11.5.10, and would like to install the latest version R12.1.3 for testing purposes. Can R12.1.3 be installed on the same server (for both database and application tiers) as for R11.5.10? Any pitfalls
-
Where is incoming call notification on PC screen i...
I installed Nokia Suite 3.3.89 and I cannot find my favorite extra feature from earlier versions: the notification bubble on my PC screen when the connected phone is receiving an incoming call. Can someone tell me how to activate this great feature i
-
T60 won't boot, hangs on "Checking the status of the embedded security chip..."
My T60 with embedded security chip and finger print reader, running Windows XP, has just recently developed this problem. It never finishes booting. I've changed the BIOS setting to completely disable the security chip, yet this condition still per
-
hi all Can anybody explain me , I have created PO for excisable material, Now i m going to recevie the goods Before MIGO i should do capture and post the excise invoice or at time of MIGO i should capture the excise invoice.. Which is right.. Thanks