Java.lang.SecurityException: Cannot set up certs for trusted CAs

Similar Messages

• JCE SecurityException: Cannot set up certs for trusted CAs

  hi,
  I am using trying to Jar an application that uses the JCE
  package for encryption.
  When running the jar file the following exception ocurss:
  java.lang.ExceptionInInitializerError: java.lang.SecurityException: Cannot set up certs for trusted CAs
  at javax.crypto.b.<clinit>([DashoPro-V1.2-120198])
  at javax.crypto.Cipher.getInstance([DashoPro-V1.2-120198])
  at com.portland.encryption.Decrypter.decryptServer(Decrypter.java:67)
  at com.portland.util.ModelLoad.loadObj(ModelLoad.java:53)
  at com.portland.setup.SetUpInit.isUserFrameNeeded(SetUpInit.java:86)
  at com.portland.setup.SetUpInit.checkResources(SetUpInit.java:29)
  at com.portland.setup.SetUpInit.main(SetUpInit.java:99)
  Exception in thread "main"
  Is there any way arround this problem???

  hi,
  I am using trying to Jar an application that uses the
  JCE
  package for encryption.
  When running the jar file the following exception
  ocurss:
  java.lang.ExceptionInInitializerError:
  java.lang.SecurityException: Cannot set up certs for
  trusted CAs
  at
  at
  at javax.crypto.b.<clinit>([DashoPro-V1.2-120198])
  at
  at
  at
  t
  javax.crypto.Cipher.getInstance([DashoPro-V1.2-120198])
  at
  at
  at
  t
  com.portland.encryption.Decrypter.decryptServer(Decrypt
  r.java:67)
  at
  at
  at
  t
  com.portland.util.ModelLoad.loadObj(ModelLoad.java:53)
  at
  at
  at
  t
  com.portland.setup.SetUpInit.isUserFrameNeeded(SetUpIni
  .java:86)
  at
  at
  at
  t
  com.portland.setup.SetUpInit.checkResources(SetUpInit.j
  va:29)
  at
  at
  at
  t
  com.portland.setup.SetUpInit.main(SetUpInit.java:99)
  Exception in thread "main"
  Is there any way arround this problem???A few questions for you:
  (1) Have you updated the java.security file to include the SunJCE security provider i.e. :
  <JAVA_HOME>/jre/lib/security/java.security
  a line should be added into this file as such:
  security.provider.n=com.sun.crypto.provider.SunJCE
  , where n is the the order of which the security providers to be installed.
  (2) You should have all the necessary .jar files for the JCE packages and it should located in this directory:
  <JAVA_HOME>/jre/lib/ext
  Some developers make the mistake of copying the .jar files into the <JAVA_HOME>/lib directory.
  HTH.
  Allen Lai
  Developer Technical Support
  SUN Microsystems
  http://www.sun.com/developers/support/

• SecurityException: Cannot set up certs for trusted CAs

  I'm pressed for a solution to meet a delivery deadline - any help would
  be appreciated.
  I have a method that requests an instance of a SecretKeyFactory. The
  method works in a standalone application and in JRun which we use for
  development but when i try it in iPlanet iAS6 SP2 I get the following
  Exception listed below. (following the Exception is the code that
  generated it).
  java.lang.ExceptionInInitializerError: java.lang.SecurityException:
  Cannot set up certs for trusted CAs
  at javax.crypto.b.<clinit>([DashoPro-V1.2-120198])
  at
  javax.crypto.SecretKeyFactory.getInstance([DashoPro-V1.2-120198])
  at
  com.intellisales.shared.services.DESede.generatePrivateKeyFromFile(DESede.java:151)
  at
  com.intellisales.shared.services.DESede.<init>(DESede.java:60)
  at
  com.intellisales.gbsld1.servlets.BellServlet.doGet(BellServlet.java:169)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:865)
  at
  com.netscape.server.servlet.servletrunner.ServletInfo.service(Unknown
  Source)
  at
  com.netscape.server.servlet.servletrunner.ServletRunner.execute(Unknown
  Source)
  at com.kivasoft.applogic.AppLogic.execute(Unknown Source)
  at com.kivasoft.applogic.AppLogic.execute(Unknown Source)
  at com.kivasoft.thread.ThreadBasic.run(Native Method)
  at java.lang.Thread.run(Thread.java:479)
  java.lang.ExceptionInInitializerError: java.lang.SecurityException:
  Cannot set up certs for trusted CAs
  at javax.crypto.b.<clinit>([DashoPro-V1.2-120198])
  at
  javax.crypto.SecretKeyFactory.getInstance([DashoPro-V1.2-120198])
  at
  com.intellisales.shared.services.DESede.generatePrivateKeyFromFile(DESede.java:151)
  at
  com.intellisales.shared.services.DESede.<init>(DESede.java:60)
  at
  com.intellisales.gbsld1.servlets.BellServlet.doGet(BellServlet.java:169)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:865)
  at
  com.netscape.server.servlet.servletrunner.ServletInfo.service(Unknown
  Source)
  at
  com.netscape.server.servlet.servletrunner.ServletRunner.execute(Unknown
  Source)
  at com.kivasoft.applogic.AppLogic.execute(Unknown Source)
  at com.kivasoft.applogic.AppLogic.execute(Unknown Source)
  at com.kivasoft.thread.ThreadBasic.run(Native Method)
  at java.lang.Thread.run(Thread.java:479)
  public SecretKey generatePrivateKeyFromFile(){
  FileInputStream pfis = null;
  SecretKey seckey = null;
  try {
  Security.addProvider(new sun.security.provider.Sun());
  Security.addProvider(new com.sun.crypto.provider.SunJCE());
  // *** get secret key ***
  pfis = new FileInputStream(keyFileName);
  byte[] encKey = new byte[pfis.available()];
  pfis.read(encKey);
  pfis.close();
  SecretKeyFactory mykeyfac1 =
  SecretKeyFactory.getInstance("DESede");
  DESedeKeySpec dk = new DESedeKeySpec(encKey);
  seckey = mykeyfac1.generateSecret(dk);
  byte[] key = seckey.getEncoded();
  } catch (Exception e){
  e.printStackTrace();
  return seckey;
  }// end generatePrivateKeyFromFile
  Thanks

  hi,
  I am using trying to Jar an application that uses the
  JCE
  package for encryption.
  When running the jar file the following exception
  ocurss:
  java.lang.ExceptionInInitializerError:
  java.lang.SecurityException: Cannot set up certs for
  trusted CAs
  at
  at
  at javax.crypto.b.<clinit>([DashoPro-V1.2-120198])
  at
  at
  at
  t
  javax.crypto.Cipher.getInstance([DashoPro-V1.2-120198])
  at
  at
  at
  t
  com.portland.encryption.Decrypter.decryptServer(Decrypt
  r.java:67)
  at
  at
  at
  t
  com.portland.util.ModelLoad.loadObj(ModelLoad.java:53)
  at
  at
  at
  t
  com.portland.setup.SetUpInit.isUserFrameNeeded(SetUpIni
  .java:86)
  at
  at
  at
  t
  com.portland.setup.SetUpInit.checkResources(SetUpInit.j
  va:29)
  at
  at
  at
  t
  com.portland.setup.SetUpInit.main(SetUpInit.java:99)
  Exception in thread "main"
  Is there any way arround this problem???A few questions for you:
  (1) Have you updated the java.security file to include the SunJCE security provider i.e. :
  <JAVA_HOME>/jre/lib/security/java.security
  a line should be added into this file as such:
  security.provider.n=com.sun.crypto.provider.SunJCE
  , where n is the the order of which the security providers to be installed.
  (2) You should have all the necessary .jar files for the JCE packages and it should located in this directory:
  <JAVA_HOME>/jre/lib/ext
  Some developers make the mistake of copying the .jar files into the <JAVA_HOME>/lib directory.
  HTH.
  Allen Lai
  Developer Technical Support
  SUN Microsystems
  http://www.sun.com/developers/support/

• Cannot set up certs for trusted CAs going from 1.4.2_03 to 1.4.2_13

  Getting a wierd issue with "Cannot set up certs for trusted CAs" This works if we are using anything less then 1.4.2_07, but the minute we install 1.4.2_07 or 13 as the case may be we get the following Exception:
  log9: java.lang.ExceptionInInitializerError
  log9: at javax.crypto.Cipher.a(DashoA12275)
  log9: at javax.crypto.Cipher.getInstance(DashoA12275)
  log9: at com.gm.gwm.common.util.AesUtil.encrypt(AesUtil.java:31)
  log9: at com.gm.gwm.common.data.OfflineAuthenticatorDao.updatePassword(OfflineAuthenticatorDao.java:645)
  log9: at com.gm.gwm.common.service.OfflineAuthenticatorService.updatePassword(OfflineAuthenticatorService.java:141)
  log9: at main.jspService(_main.java:156)
  log9: at oracle.jsp.runtime.HttpJsp.service(HttpJsp.java:119)
  log9: at oracle.lite.web.JupServlet.service(Unknown Source)
  log9: at oracle.lite.web.JspRunner.service(Unknown Source)
  log9: at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  log9: at oracle.lite.web.JupServlet.service(Unknown Source)
  log9: at oracle.lite.web.MimeServletHandler.handle(Unknown Source)
  log9: at oracle.lite.web.JupApplication.handle(Unknown Source)
  log9: at oracle.lite.web.JupApplication.service(Unknown Source)
  log9: at oracle.lite.web.JupHandler.handle(Unknown Source)
  log9: at oracle.lite.web.HTTPServer.process(Unknown Source)
  log9: at oracle.lite.web.HTTPServer.handleRequest(Unknown Source)
  log9: at oracle.lite.web.JupServer.handle(Unknown Source)
  log9: at oracle.lite.web.SocketListener.process(Unknown Source)
  log9: at oracle.lite.web.ClientListener.process(Unknown Source)
  log9: at oracle.lite.web.SocketListener$ReqHandler.run(Unknown Source)
  log9: Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
  log9: at javax.crypto.SunJCE_b.<clinit>(DashoA12275)
  log9: ... 21 more
  log9: Caused by: java.lang.IllegalStateException: Already connected
  log9: at java.net.URLConnection.setUseCaches(Unknown Source)
  log9: at sun.net.www.protocol.jar.JarURLConnection.setUseCaches(Unknown Source)
  log9: at javax.crypto.SunJCE_d.a(DashoA12275)
  log9: at javax.crypto.SunJCE_b.g(DashoA12275)
  log9: at javax.crypto.SunJCE_b.f(DashoA12275)
  log9: at javax.crypto.SunJCE_t.run(DashoA12275)
  log9: at java.security.AccessController.doPrivileged(Native Method)
  Not sure what we are doing wrong.
      public static String encrypt(String value) throws AesException {
            try {
                 SecretKeySpec secKeySpec = new SecretKeySpec(fromHexString(encyptKey), algorithm);
                 Provider provider = new SunJCE();
                Security.addProvider(provider);
              Cipher cipher = Cipher.getInstance(algorithm, provider);
                 cipher.init(Cipher.ENCRYPT_MODE, secKeySpec);
                 byte[] encryptedBytes = cipher.doFinal(value.getBytes());
                 return toHexString(encryptedBytes);
            } catch (Exception e) {
                 throw new AesException(e);
       }

  I added that late just in case, for some strange reason, the provider wasn't getting picked up.
  Here is the list of available providers:
  log9: SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore
  ; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
  log9: Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
  log9: SUN's provider for RSA signatures
  log9: SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
  log9: Sun (Kerberos v5)
  log9: java.lang.ExceptionInInitializerError
  The minute I rollback to an older JVM this works.

• "Cannot set up certs for trusted CAs" and Tomcat

  I have succeeded in downloading/installing the JCE component and writing a small java program that ecrypts and decrypts text.
  Now that I've tried to integrate this code into a web application, I'm getting the following exception message:
  java.lang.ExceptionInInitializerError: java.lang.SecurityException: Cannot set up certs for trusted CAs: java.lang.SecurityException: Cannot locate policy and/or framework files for signer restraint check!
       at javax.crypto.SunJCE_b.<clinit>(DashoA6275)
       at javax.crypto.Cipher.a(DashoA6275)
       at javax.crypto.Cipher.getInstance(DashoA6275)
  I've copied the four JAR files into the web-inf/lib directory. I believe that I need to make changes to the appropriate policy file (which I assume is the catalina.policy file under the tomcat/conf folder) but this doesn't seem to make any difference.
  Can anybody help??
  Cheers,
  Ben
  PS - I DON'T want to copy the JARs into <java-home>\lib\ext

  i've been dealing w/ jdk1.3 and jce
  installation, configuration, and exceptions for a day
  now. i've recently upgraded to j2sdk1.4.1 and i have
  the same problems:
  java.lang.reflect.InvocationTargetException:
  java.lang.ExceptionInInitializerError:
  java.lang.SecurityException: Cannot set up certs for
  trusted CAs: java.lang.SecurityException: Cannot
  locate policy and/or framework files for signer
  restraint check!
  can you give me a little more detail around your
  explanation. in particular, i can get my encryption
  code to run as a command line app using the JDK alone.
  its once i try to run the code inside of tomcat that i
  get this exception.
  so far, i've tried putting all the .jars in my
  classpath, as well as web-inf/lib, as well as
  jre/lib/ext, as well as tomcat_home/common/lib and
  nothing works.
  could this still be a provider problem as you indicate
  and how does that explain the fact that it works with
  the JDK alone?Sun's JCE 1.2.2 and their JCE Provider doing a cross checking of the classes and their signatures. In JDK 1.4 that cross validation were removed, but JCE framework still checking the signature of the provider.
  You may also need to check which JRE you are using. On windows you have two of them by default: the one within JDK installation and the another one within "Programm Files". The last one is used by default if you didn't specify the path for java command.
  I've been using BouncyCastle JCE and their provider for a while. It works just fine in web-inf\lib directory under the JRE 1.3.1. They also have the signed jar for J2SE 1.4 that does not includes JCE framework.
  Note that you have to register your provider dynamically if you going to use it in the web application. You also have to make sure that your web app has enough rights for that (check the security properties if you are using security).
  BTW, which app container are you using?

• Error running DataExportUtility - Cannot set up certs for trusted CAs

  When I try to run the DataExportUtility, I get the following Java exception... any ideas?
  Starting Data Export Utility...
  Exception in thread "main" java.lang.ExceptionInInitializerError: java.lang.SecurityException: Cannot set up certs for trusted CAs
  at javax.crypto.b.<clinit>([DashoPro-V1.2-120198])
  at javax.crypto.SecretKeyFactory.getInstance([DashoPro-V1.2-120198])
  at com.avaya.cc.cvx.security.CryptoServices.initialize(CryptoServices.java:249)
  at com.avaya.cc.cvx.security.CryptoServices.<init>(CryptoServices.java:234)
  at com.avaya.cc.cvx.security.CryptoServices.getInstance(CryptoServices.java:69)
  at com.avaya.stumbras.export.utility.DataExportCommand.execute(DataExportCommand.java:1009)
  at com.avaya.stumbras.export.utility.DataExportUtility.run(DataExportUtility.java:189)
  at com.avaya.stumbras.export.utility.DataExportUtility.main(DataExportUtility.java:158)
  Data Export Utility completed.

  Hi user454118,
  It doesn't appear DataExportUtlity is relevant to TimesTen IMDB. Could you have posted your message to the wrong forum?
  -scheung

• Cannot set up certs for trusted CAs

  HI
  If i try to run my aplication I am getting the following exception
  ---------- JavaRun ----------
  subString1.3
  1.3........................1.3.1_07
  Exception occurred during event dispatching:
  java.lang.ExceptionInInitializerError: java.lang.SecurityException: Cannot set up certs for trusted CAs
  at javax.crypto.b.<clinit>([DashoPro-V1.2-120198])
  at javax.crypto.Cipher.getInstance([DashoPro-V1.2-120198])
  at EncryptionFactoryImpl.<init>(EncryptionFactoryImpl.java:74)
  at CheckXML.endElement(CheckXML.java:54)
  at org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1489)
  at org.apache.crimson.parser.Parser2.content(Parser2.java:1700)
  at org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1468)
  at org.apache.crimson.parser.Parser2.content(Parser2.java:1700)
  at org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1468)
  at org.apache.crimson.parser.Parser2.content(Parser2.java:1700)
  at org.apache.crimson.parser.Parser2.maybeElement(Parser2.java:1468)
  at org.apache.crimson.parser.Parser2.parseInternal(Parser2.java:499)
  at org.apache.crimson.parser.Parser2.parse(Parser2.java:304)
  at org.apache.crimson.parser.XMLReaderImpl.parse(XMLReaderImpl.java:433)
  at Authenticate.verify(Authenticate.java:29)
  at Login.actionPerformed(Login.java:112)
  at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:1445)
  at javax.swing.AbstractButton$ForwardActionEvents.actionPerformed(AbstractButton.java:1499)
  at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:373)
  at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:245)
  at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:211)
  at java.awt.Component.processMouseEvent(Component.java:3710)
  at java.awt.Component.processEvent(Component.java:3539)
  at java.awt.Container.processEvent(Container.java:1159)
  at java.awt.Component.dispatchEventImpl(Component.java:2588)
  at java.awt.Container.dispatchEventImpl(Container.java:1208)
  at java.awt.Component.dispatchEvent(Component.java:2492)
  at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:2451)
  at java.awt.LightweightDispatcher.processMouseEvent(Container.java:2216)
  at java.awt.LightweightDispatcher.dispatchEvent(Container.java:2125)
  at java.awt.Container.dispatchEventImpl(Container.java:1195)
  at java.awt.Window.dispatchEventImpl(Window.java:923)
  at java.awt.Component.dispatchEvent(Component.java:2492)
  at java.awt.EventQueue.dispatchEvent(EventQueue.java:334)
  at java.awt.EventDispatchThread.pumpOneEventForHierarchy(EventDispatchThread.java:126)
  at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:93)
  at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:88)
  at java.awt.EventDispatchThread.run(EventDispatchThread.java:80)
  Can someone tell me the solution for this , it is very urgent
  thanks in advance

  I got the exact same problem on my server yesterday (Aug 1st) after I restarted it. Apparently on July 28th 2005 the certificate that jce 1.2.1 crypto package uses expired. I was able to confirm this by setting the server clock back to before July 28th and everything worked fine. I updated to jce 1.2.2 (http://java.sun.com/security/index.jsp) and it resolved my problem.

• Create Secure store -  Cannot set up certs for trusted CAs

  I am installing the JAVA Add-in in an existing WAS ABAP 6.40 system. ( fresh install).
  I selected strong encryption ..but in the phase Create Secure Store I get an error. I have changed the r+w permissions on my unix box to 777 ( so all..;-) But still the same problem.
  -- SAP WEB AS JAVA SR1 ( SP9) - java 14_64 --
  Here is the log
  SAP Secure Store in the File System - Copyright (c) 2003 SAP AG
  Exception in thread "main" java.lang.ExceptionInInitializerError
          at javax.crypto.Cipher.a(Unknown Source)
          at javax.crypto.Cipher.getInstance(Unknown Source)
          at iaik.security.provider.IAIK.a(Unknown Source)
          at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
          at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
          at com.sap.security.core.server.secstorefs.Crypt.<clinit>(Crypt.java:82)
          at com.sap.security.core.server.secstorefs.SecStoreFS.setSID(SecStoreFS.java:158)
          at com.sap.security.core.server.secstorefs.SecStoreFS.handleCreate(SecStoreFS.java:804)
          at com.sap.security.core.server.secstorefs.SecStoreFS.main(SecStoreFS.java:1274)
  Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
          at javax.crypto.e.<clinit>(Unknown Source)
          ... 9 more
  Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
          at javax.crypto.e.a(Unknown Source)
          at javax.crypto.e.a(Unknown Source)
          at javax.crypto.e.g(Unknown Source)
          at javax.crypto.f.run(Unknown Source)
          at javax.crypto.e.g(Unknown Source)
  at java.security.AccessController.doPrivileged1(Native Method)
          at java.security.AccessController.doPrivileged(AccessController.java(Compiled Code))
          ... 10 more
  any idea ???

  Hello,
  we have the same problem on our site. Can you describe exactly what you've done? (What driver did you mean)?
  Thanks and best regards,
  Jens

• Cannot set up certs for trusted CAs  on JDeveloper1013

  Hi Guys,
  When I use Apache HTTPClient to Connect to URL with NTLM Auth,
  I have got this problem:
  "Cannot set up certs for trusted CAs"
  and "java.lang.SecurityException"
  However, my source works fine with JDeveloper1013 on Windows 2000.
  JDK 1.4,2
  When I run it on Windows XP Pro, I got above Exception.
  The same souce code:
  Good enviroment:
  Window 2000, JDK1.4.2_XXX
  JDeveloper 1013
  Bad enviroment:
  WindowsXP Pro, JDK1.4.2_XXX
  JDeveloper1013
  Any idea.
  Thanks in advanced
  Thanks

  I haven't messed with 1.3 versions, but in 1.4.2 and later, the jce jar files have to be in <jre>/lib/security rather than in the classpath.
  HTH,
  John

• Error : cannot set up certs for trusted CAs, help !

  Hi !
  I am attempting to use the javax.crypto classes in order to decrypt and encrypt
  information.
  But i get the follow message when i change the executing directory :
  -> cannot set up certs for trusted CAs
  If i decompress all follow jar files:
  jce1_2_1.jar;
  sunjce_provider.jar;
  local_policy.jar;
  US_export_policy.jar;
  my applicattion doesn't work. ...
  But if i use jar files, everything is ok and only in a "unique" directories ....
  Why ?
  [email protected]

  Hi Sri,
  I am working on a similar problem. In fact, while I write a simple stand-alone program, everything works fine for me.
  As soon as I embed the very same class into my application, I also get the error you see. The major difference I see between my application and the stand-alone program is the class loading, which my application does via its specialized class loaders. However, I failed to catch the encryption code in my class loader between the call to
  SecretKeyFactory.getInstance("PBEWithMD5AndDES").generateSecret(k);
  and the error.
  You have any idea how to track the issue down?
  Regards,
  Jack

• "Can't set up certs for trusted CA's" error

  Hi,
  I'm using JCE 1.2.1 for encryption. I have no problem running in current date (i.e. yr 2001) but
  when I change the system date to a date less than the "last modified date" of the JCE jar files or to a date 5 years after this, I encountered this error.
  any ideas?

  I M getting the same error as following:
  Exception in thread "main" java.lang.ExceptionInInitializerError: java.lang.SecurityException: Cannot
  set up certs for trusted CAs
  at javax.crypto.b.<clinit>([DashoPro-V1.2-120198])
  at javax.crypto.Cipher.getInstance([DashoPro-V1.2-120198], Compiled Code)
  at test.main(test.java, Compiled Code)
  I have copied all four jar files in classpath.
  but it is still not working.
  please help urgently.
  regards.
  Saurabh Agarwal

• Java.lang.SecurityException: Jurisdiction policy files are not signed by t

  Hi
  *I am installing ECC6 onAIX 6.1 with oarcle 10g.*
  *I am getting error in create secure store*
  *Policy and security files are ok,*
  aused by: java.lang.ExceptionInInitializerError
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:218)
          at javax.crypto.Cipher.a(Unknown Source)
          at javax.crypto.Cipher.getInstance(Unknown Source)
          at iaik.security.provider.IAIK.a(Unknown Source)
          at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
          at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
          at com.sap.security.core.server.secstorefs.Crypt.<clinit>(Crypt.java:82)
          at java.lang.J9VMInternals.initializeImpl(Native Method)
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
          at com.sap.security.core.server.secstorefs.SecStoreFS.setSID(SecStoreFS.java:158)
          at com.sap.security.core.server.secstorefs.SecStoreFS.handleCreate(SecStoreFS.java:804)
          at com.sap.security.core.server.secstorefs.SecStoreFS.main(SecStoreFS.java:1274)
          ... 6 more
  Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
          at javax.crypto.b.<clinit>(Unknown Source)
          at java.lang.J9VMInternals.initializeImpl(Native Method)
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
          ... 17 more
  Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
          at javax.crypto.b.a(Unknown Source)
          at javax.crypto.b.a(Unknown Source)
          at javax.crypto.b.access$600(Unknown Source)
          at javax.crypto.b$0.run(Unknown Source)
          at java.security.AccessController.doPrivileged(AccessController.java:246)
          ... 20 more
  ERROR      2009-07-07 14:10:47.063
             CJSlibModule::writeError_impl()
  CJS-30050  Cannot create the secure store. SOLUTION: See output of log file SecureStoreCreate.log:
  SAP Secure Store in the File System - Copyright (c) 2003 SAP AG
  java.lang.reflect.InvocationTargetException
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:61)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
          at java.lang.reflect.Method.invoke(Method.java:391)
          at com.sap.engine.offline.OfflineToolStart.main(OfflineToolStart.java:81)
  Caused by: java.lang.ExceptionInInitializerError
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:218)
          at javax.crypto.Cipher.a(Unknown Source)
          at javax.crypto.Cipher.getInstance(Unknown Source)
          at iaik.security.provider.IAIK.a(Unknown Source)
          at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
          at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
          at com.sap.security.core.server.secstorefs.Crypt.<clinit>(Crypt.java:82)
          at java.lang.J9VMInternals.initializeImpl(Native Method)
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
          at com.sap.security.core.server.secstorefs.SecStoreFS.setSID(SecStoreFS.java:158)
          at com.sap.security.core.server.secstorefs.SecStoreFS.handleCreate(SecStoreFS.java:804)
          at com.sap.security.core.server.secstorefs.SecStoreFS.main(SecStoreFS.java:1274)
          ... 6 more
  Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
          at javax.crypto.b.<clinit>(Unknown Source)
          at java.lang.J9VMInternals.initializeImpl(Native Method)
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
          ... 17 more
  Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
          at javax.crypto.b.a(Unknown Source)
          at javax.crypto.b.a(Unknown Source)
          at javax.crypto.b.access$600(Unknown Source)
          at javax.crypto.b$0.run(Unknown Source)
          at java.security.AccessController.doPrivileged(AccessController.java:246)
          ... 20 more.
  ERROR      2009-07-07 14:10:47.547 [sixxcstepexecute.cpp:960]
  FCO-00011  The step createSecureStore with step key |NW_Onehost|ind|ind|ind|ind|0|0|NW_Onehost_System|ind|ind|ind|ind|2|0|NW_CreateDBandLoad|ind|ind|ind|ind|10|0|NW_SecureStore|ind|ind|ind|ind|8|0|createSecureStore was executed with status ERROR ( Last error reported by the step :Cannot create the secure store. SOLUTION: See output of log file SecureStoreCreate.log:
  SAP Secure Store in the File System - Copyright (c) 2003 SAP AG
  java.lang.reflect.InvocationTargetException
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:88)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:61)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:60)
          at java.lang.reflect.Method.invoke(Method.java:391)
          at com.sap.engine.offline.OfflineToolStart.main(OfflineToolStart.java:81)
  Caused by: java.lang.ExceptionInInitializerError
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:218)
          at javax.crypto.Cipher.a(Unknown Source)
          at javax.crypto.Cipher.getInstance(Unknown Source)
          at iaik.security.provider.IAIK.a(Unknown Source)
          at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
          at iaik.security.provider.IAIK.addAsJDK14Provider(Unknown Source)
          at com.sap.security.core.server.secstorefs.Crypt.<clinit>(Crypt.java:82)
          at java.lang.J9VMInternals.initializeImpl(Native Method)
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
          at com.sap.security.core.server.secstorefs.SecStoreFS.setSID(SecStoreFS.java:158)
          at com.sap.security.core.server.secstorefs.SecStoreFS.handleCreate(SecStoreFS.java:804)
          at com.sap.security.core.server.secstorefs.SecStoreFS.main(SecStoreFS.java:1274)
          ... 6 more
  Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
          at javax.crypto.b.<clinit>(Unknown Source)
          at java.lang.J9VMInternals.initializeImpl(Native Method)
          at java.lang.J9VMInternals.initialize(J9VMInternals.java:196)
          ... 17 more
  Caused by: java.lang.SecurityException: Jurisdiction policy files are not signed by trusted signers!
          at javax.crypto.b.a(Unknown Source)
          at javax.crypto.b.a(Unknown Source)
          at javax.crypto.b.access$600(Unknown Source)
          at javax.crypto.b$0.run(Unknown Source)
          at java.security.AccessController.doPrivileged(AccessController.java:246)
          ... 20 more.).
  what could be the problem ?
  Please give me the soluation
  regards
  Vijay

  Dear Juan
  You are correct.
  I downloaded correct file from IBM site , and Create Secure store step completed but innext step IMPORT JAVA DUMP
  it gave error
  n error occurred while processing service SAP ERP 6.0 Support Release 3 > SAP Systems > Oracle > Central System > Central System( Last error reported by the step : Execution of JLoad tool '/usr/java14_64/bin/java -classpath /swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/launcher.jar -showversion -Xmx512m -Xj9 com.sap.engine.offline.OfflineToolStart com.sap.inst.jload.Jload /swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/lib/iaik_jce.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/jload.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/antlr.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/exception.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/jddi.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/logging.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/offlineconfiguration.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/opensqlsta.jar:/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/install/sharedlib/tc_sec_secstorefs.jar:/oracle/client/10x_64/instantclient/ojdbc14.jar -sec AGQ,jdbc/pool/AGQ,/usr/sap/AGQ/SYS/global/security/data/SecStore.properties,/usr/sap/AGQ/SYS/global/security/data/SecStore.key -dataDir /swdump/NW7.0_SR3_JAVA_COMP_51033513/DATA_UNITS/JAVA_EXPORT_JDMP -job /swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/IMPORT.XML -log jload.log' aborts with return code 1. SOLUTION: Check 'jload.log' and '/swdump/tmpinst/sapinst_instdir/ERP/SYSTEM/ORA/CENTRAL/AS/jload.java.log' for more information.
  regards
  vijjay

• Java.lang.SecurityException: Authentication for user system denied in realm wl_realm Error.

            Getting this security exception when trying to pull a message from one weblogic
            instance JMS queue, and sending the message (via a MDB) to another machine's JMS
            queue.
            Ex. Here's the scenario.
            Two Windows2000Server machines,
            one at ip ... xxx.xxx.x.16,
            second machine at ... xxx.xxx.x.17.
            MDB pulls message off of a JMS queue on 16. MDB sends the message to .17 box.
            ON the .17 machine (the receiver) I get the following exception
            weblogic.transaction.internal.CoordinatorImpl@31406b>
            java.lang.SecurityException: Authentication for user system denied in realm wl_realm
                 at weblogic.security.acl.Realm.authenticate(Realm.java:212)
                 at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
                 at weblogic.security.acl.internal.Security.authenticate(Security.java:125)
                 at weblogic.security.acl.internal.Security.verify(Security.java:87)
                 at weblogic.rmi.internal.BasicRequestHandler.handleRequest(BasicRequestHandler.java:76)
                 at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:17)
                 at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
                 at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
            ON the sending maching .16, I get the following exception.
            ####<Apr 3, 2002 9:46:24 AM CST> <Error> <RJVM> <testweblogic> <OptiSoftAppServer>
            <ExecuteThread: '96' for queue: 'default'> <> <> <000000> <Unsolicited error response
            for: '-1'>
            The messages appear to show up on the destination machine, but are these error
            messages valid, or just bogus?
            Thanks,
            Eric.
            

  Why is that? Your suggestion worked but I don't understand why.
            When our MDB on machineA did the JNDI lookup to MachineB we set the
            credentials to a valid user/password on MachineB.
            My speculation: Since the MDB on machineA is already in a transaction
            any other JNDI calls use the credentials for the MDB's transactions,
            ignoring any other credentials we might try to set explicitly. If my
            speculation is correct then that would explain by the passwords for the
            user "system" would have to be the same between servers.
            Is there a good place to read up on this?
            Thanks
            Tom
            Rajesh Mirchandani wrote:
            > Make sure you have the same system password for the 2 instances of WLS on seperate boxes.
            >
            > Tom Barnes wrote:
            >
            >
            >>Or post to the EJB newsgroup (which "owns" MDBs).
            >>
            >>Tom Barnes wrote:
            >>
            >>
            >>>I think there is a username/password field configurable in the MDB descriptor that
            >>>might help here??? Other than that, I suggest posting to the security newsgroup.
            >>>
            >>>Tom
            >>>
            >>>Eric Babin wrote:
            >>>
            >>>
            >>>>Getting this security exception when trying to pull a message from one weblogic
            >>>>instance JMS queue, and sending the message (via a MDB) to another machine's JMS
            >>>>queue.
            >>>>
            >>>>Ex. Here's the scenario.
            >>>>
            >>>> Two Windows2000Server machines,
            >>>> one at ip ... xxx.xxx.x.16,
            >>>> second machine at ... xxx.xxx.x.17.
            >>>>
            >>>> MDB pulls message off of a JMS queue on 16. MDB sends the message to .17 box.
            >>>>
            >>>>
            >>>>ON the .17 machine (the receiver) I get the following exception
            >>>>
            >>>>weblogic.transaction.internal.CoordinatorImpl@31406b>
            >>>>java.lang.SecurityException: Authentication for user system denied in realm wl_realm
            >>>> at weblogic.security.acl.Realm.authenticate(Realm.java:212)
            >>>> at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
            >>>> at weblogic.security.acl.internal.Security.authenticate(Security.java:125)
            >>>> at weblogic.security.acl.internal.Security.verify(Security.java:87)
            >>>> at weblogic.rmi.internal.BasicRequestHandler.handleRequest(BasicRequestHandler.java:76)
            >>>> at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:17)
            >>>> at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:137)
            >>>> at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
            >>>>
            >>>>ON the sending maching .16, I get the following exception.
            >>>>
            >>>>####<Apr 3, 2002 9:46:24 AM CST> <Error> <RJVM> <testweblogic> <OptiSoftAppServer>
            >>>><ExecuteThread: '96' for queue: 'default'> <> <> <000000> <Unsolicited error response
            >>>>for: '-1'>
            >>>>
            >>>>The messages appear to show up on the destination machine, but are these error
            >>>>messages valid, or just bogus?
            >>>>
            >>>>Thanks,
            >>>>
            >>>>Eric.
            >>>>
            >
            > --
            > Rajesh Mirchandani
            > Developer Relations Engineer
            > BEA Support
            >
            >
            >
            

• Java.lang.SecurityException: Authentication for user test1 denied in realm wl_realm

  Environment: WLS61 SP2
  Two WLS61 servers on different machines. User test1 is authenticated against LDAP
  on server_1, then tries
  to execute a class (from JSP) that calls EJB on server_2. The environment properties
  for the call to EJB on server_2 to are setup as follows (Note that user test2 is
  used to call EJB on server_2. User test2 exists in the wl_realm on server2):
  env.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
  env.put(Context.PROVIDER_URL, "t3://server2:7001");
  env.put(Context.SECURITY_AUTHENTICATION, "simple");
  env.put(Context.SECURITY_PRINCIPAL, "test2");
  env.put(Context.SECURITY_CREDENTIALS, "somepass");
  The call results in the following exception raised on server_2. Why is test1 id used
  if test2 is explicitly specified for the call? User test1 does not exist on server_2.
  <Jul 13, 2002 11:37:31 AM EDT> <Warning> <Dispatcher> <RuntimeException thrown by
  rmi server: 'weblo
  gic.rmi.cluster.ClusterableServerRef@111 - jvmid: '4783591120128354231S:xxx.xxx.xxx.xxx:[7001,7001,7002,7
  002,7001,7002,-1]:mydomain:myserver', oid: '271', implementation: '[BaseEJBObject]
  home: c
  om.test.TestEJB_jvjalv_HomeImpl@7583b9''
  java.lang.SecurityException: Authentication for user test1 denied in realm wl_realm
  at weblogic.security.acl.Realm.authenticate(Realm.java:212)
  at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:233)
  at weblogic.security.acl.internal.Security.authenticate(Security.java:125)
  at weblogic.security.acl.internal.Security.verify(Security.java:87)
  at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:237)
  at weblogic.rmi.internal.BasicExecuteRequest.execute(BasicExecuteRequest.java:22)
  at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)

  If you are using JNDI authentication, make sure you close the context before
  you get another context.
  In WLS, stack of authenticated users will be maintained per thread. Now when
  user is authenticated, it will be pushed into the stack. When you close the
  context it will be popped out. In your case it seems like somehow test1 user's
  idenitity is set on the thread which is calling the EJB on server2.
  use weblogic.security.acl.Security.getCurrentUser() to get the current
  user associated with the thread.
  I hope this helps.
  -utpal

• Java.lang.SecurityException: Authentication for user system denied in realm weblogic

  I am looking for some help to deploy the application in weblogic6.0.
  This is what i did during the application deployment.
  Create a new directory under config as a new application.
  D:\bea\wlserver6.0\config\test
  under test created two other directories applications and logs.
  Under the applications directory copied .ear and .war files.
  Under the test i copied config.xml, all the *.pem starttest.cmd, fileRealam.properties
  files. Modified the config.xml with my application, domain and the server. Modified
  the settest.cmd with the new domain and server name.
  when i do startup, it is prompting for the password and i entered what ever i mentioned
  during the installation.
  And getting the following error.
  Thanks alot for any suggestions.
  D:\bea\wlserver6.0\config\test>startTest.cmd
  D:\bea\wlserver6.0>set PATH=.\bin;D:\bea\jdk130\bin;C:\RATIONAL\RATION~1\NUTCROO
  T\bin;C:\RATIONAL\RATION~1\NUTCROOT\bin\x11;C:\RATIONAL\RATION~1\NUTCROOT\mksnt;
  C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\Program Files\Dell\Resoluti
  on Assistant\Common\bin;C:\PROGRA~1\MICROS~4\Office;C:\PROGRA~1\ULTRAE~1;C:\Rati
  onal\common;C:\Rational\Rational Test;C:\jdk1.3\bin;C:\Ant\bin;
  D:\bea\wlserver6.0>set CLASSPATH=.;.\lib\weblogic_sp.jar;.\lib\weblogic.jar
  D:\bea\wlserver6.0>D:\bea\jdk130\bin\java -hotspot -ms64m -mx64m -classpath .;.\
  lib\weblogic_sp.jar;.\lib\weblogic.jar -Dweblogic.Domain=test -Dweblogic.Name=te
  stServer -Dbea.home=D:\bea -Dcloudscape.system.home=./samples/eval/cloudscape/da
  ta -Djava.security.policy==D:\bea\wlserver6.0/lib/weblogic.policy weblogic.Serve
  r
  Enter password to boot weblogic server:password
  Starting WebLogic Server ....
  <Feb 14, 2001 12:13:04 PM EST> <Notice> <Management> <Loading configuration file
  .\config\test\config.xml ...>
  <Feb 14, 2001 12:13:06 PM EST> <Info> <Logging> <Only log messages of severity "
  Error" or worse will be displayed in this window. This can be changed at Admin C
  onsole> test> Servers> testServer> Logging> Debugging> Stdout severity threshold
  >
  <Feb 14, 2001 12:13:08 PM EST> <Emergency> <Server> <Unable to initialize the se
  rver: 'Fatal initialization exception
  Throwable: java.lang.SecurityException: Authentication for user system denied in
  realm weblogic
  java.lang.SecurityException: Authentication for user system denied in realm webl
  ogic
  at weblogic.security.acl.Realm.authenticate(Realm.java:209)
  at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:229)
  at weblogic.security.acl.internal.Security.authenticate(Security.java:11
  3)
  at weblogic.security.SecurityService.initializeSuid(SecurityService.java
  :293)
  at weblogic.security.SecurityService.initialize(SecurityService.java:123
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:343)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  '>
  The WebLogic Server did not start up properly.
  Exception raised: java.lang.SecurityException: Authentication for user system de
  nied in realm weblogic
  java.lang.SecurityException: Authentication for user system denied in realm webl
  ogic
  at weblogic.security.acl.Realm.authenticate(Realm.java:209)
  at weblogic.security.acl.Realm.getAuthenticatedName(Realm.java:229)
  at weblogic.security.acl.internal.Security.authenticate(Security.java:11
  3)
  at weblogic.security.SecurityService.initializeSuid(SecurityService.java
  :293)
  at weblogic.security.SecurityService.initialize(SecurityService.java:123
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:343)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:169)
  at weblogic.Server.main(Server.java:35)
  Reason: Fatal initialization exception
  D:\bea\wlserver6.0>goto finish
  D:\bea\wlserver6.0>cd config\test
  D:\bea\wlserver6.0\config\test>ENDLOCAL
  D:\bea\wlserver6.0\config\test>

  Seen this, may give a clue?
  Server Known Problems Change Request Number Description
  042556
  The weblogic.Admin command now requires the user and password options. For example:
  java weblogic.Admin -username system -password gumby1234
  The username "system" is required for most functions (for example: VERSION). If
  you do not specify -username system, you will get the following error:
  Exception in thread "main" java.lang.SecurityException: Authentication for user
  system denied in realm weblogic
  <<no stack trace available>>
  "lazar" <[email protected]> wrote:
  >
  I would also like to know, if there is a fix for it.
  Thanks
  Lazar
  Greg Layton <[email protected]> wrote:
  Did you ever get an answer to this. If so could you share it with me.ThanksGreg