JSSE response

Similar Messages

• Using JSSE : "Invalid Netscape CertType extension for SSL client" Error

  Hi all,
  Im using the sample code given sun site for JSSE with Client Authentication. The sample as such it worked with the testkeys provided in that. But it didn't workout when I tried using other certificates.
  Both client and server certificates I generated from our internal Netscape Certificate Manager.
  Function of the server :
  The server will read a private key from the given keystore and starts listening on a port. This server will server only GET request.
  Function of the client :
  The Client sends a GET request to the server and gets the response back.
  I simply changed the key store name alone in the working sample code.
  It is not working.
  The Exception thrown on client side :
  D:\users\Jp\java\jssesamples\sockets\client\class>java SSLSocketClientWithClientAuth1 localhost 1089 /urls
  localhost
  1089
  /urls
  java.net.SocketException: Software caused connection abort: socket write error
  at java.net.SocketOutputStream.socketWrite0(Native Method)
  at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92)
  at java.net.SocketOutputStream.write(SocketOutputStream.java:136)
  at com.sun.net.ssl.internal.ssl.OutputRecord.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SunJSSE_az.j(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA6275)
  at SSLSocketClientWithClientAuth1.main(SSLSocketClientWithClientAuth1.java:119)
  Exception thrown on server side :
  D:\users\Jp\java\jssesamples\sockets\server\class>java ClassFileServer 1089 . TLS true
  USAGE: java ClassFileServer port docroot [TLS [true]]
  If the third argument is TLS, it will start as
  a TLS/SSL file server, otherwise, it will be
  an ordinary file server.
  If the fourth argument is true,it will require
  client authentication as well.
  javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
  at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
  at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:406)
  at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:446)
  at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:180)
  at java.io.InputStreamReader.read(InputStreamReader.java:167)
  at java.io.BufferedReader.fill(BufferedReader.java:136)
  at java.io.BufferedReader.readLine(BufferedReader.java:299)
  at java.io.BufferedReader.readLine(BufferedReader.java:362)
  at ClassServer.getPath(ClassServer.java:162)
  at ClassServer.run(ClassServer.java:109)
  at java.lang.Thread.run(Thread.java:536)
  Caused by: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkClientTrusted(DashoA6275)
  at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkClientTrusted(DashoA6275)
  ... 17 more
  error writing response: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateExce
  ption: Invalid Netscape CertType extension for SSL client
  javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: java.security.cert.Certificate
  Exception: Invalid Netscape CertType extension for SSL client
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.e(DashoA6275)
  at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
  at com.sun.net.ssl.internal.ssl.AppOutputStream.write(DashoA6275)
  at java.io.DataOutputStream.writeBytes(DataOutputStream.java:256)
  at ClassServer.run(ClassServer.java:128)
  at java.lang.Thread.run(Thread.java:536)
  Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Invalid Netscape CertType extension
  for SSL client
  at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA6275)
  at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
  at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:406)
  at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:446)
  at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:180)
  at java.io.InputStreamReader.read(InputStreamReader.java:167)
  at java.io.BufferedReader.fill(BufferedReader.java:136)
  at java.io.BufferedReader.readLine(BufferedReader.java:299)
  at java.io.BufferedReader.readLine(BufferedReader.java:362)
  at ClassServer.getPath(ClassServer.java:162)
  at ClassServer.run(ClassServer.java:109)
  ... 1 more
  Caused by: java.security.cert.CertificateException: Invalid Netscape CertType extension for SSL client
  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.a(DashoA6275)
  at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkClientTrusted(DashoA6275)
  at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkClientTrusted(DashoA6275)
  ... 17 more
  The Client code :
  * @(#)SSLSocketClientWithClientAuth.java     1.5 01/05/10
  * Copyright 1995-2002 Sun Microsystems, Inc. All Rights Reserved.
  * Redistribution and use in source and binary forms, with or
  * without modification, are permitted provided that the following
  * conditions are met:
  * -Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  * -Redistribution in binary form must reproduct the above copyright
  * notice, this list of conditions and the following disclaimer in
  * the documentation and/or other materials provided with the
  * distribution.
  * Neither the name of Sun Microsystems, Inc. or the names of
  * contributors may be used to endorse or promote products derived
  * from this software without specific prior written permission.
  * This software is provided "AS IS," without a warranty of any
  * kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
  * WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
  * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
  * EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY
  * DAMAGES OR LIABILITIES SUFFERED BY LICENSEE AS A RESULT OF OR
  * RELATING TO USE, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR
  * ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE
  * FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT,
  * SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
  * CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF
  * THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN
  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
  * You acknowledge that Software is not designed, licensed or
  * intended for use in the design, construction, operation or
  * maintenance of any nuclear facility.
  import java.net.*;
  import java.io.*;
  import javax.net.ssl.*;
  import javax.security.cert.X509Certificate;
  import java.security.KeyStore;
  * This example shows how to set up a key manager to do client
  * authentication if required by server.
  * This program assumes that the client is not inside a firewall.
  * The application can be modified to connect to a server outside
  * the firewall by following SSLSocketClientWithTunneling.java.
  public class SSLSocketClientWithClientAuth1 {
  public static void main(String[] args) throws Exception {
       String host = null;
       int port = -1;
       String path = null;
       for (int i = 0; i < args.length; i++)
       System.out.println(args);
       if (args.length < 3) {
       System.out.println(
            "USAGE: java SSLSocketClientWithClientAuth " +
            "host port requestedfilepath");
       System.exit(-1);
       try {
       host = args[0];
       port = Integer.parseInt(args[1]);
       path = args[2];
       } catch (IllegalArgumentException e) {
       System.out.println("USAGE: java SSLSocketClientWithClientAuth " +
            "host port requestedfilepath");
       System.exit(-1);
       try {
       * Set up a key manager for client authentication
       * if asked by the server. Use the implementation's
       * default TrustStore and secureRandom routines.
       SSLSocketFactory factory = null;
       try {
            SSLContext ctx;
            KeyManagerFactory kmf;
            KeyStore ks;
            char[] passphrase = "passphrase".toCharArray();
            ctx = SSLContext.getInstance("TLS");
            kmf = KeyManagerFactory.getInstance("SunX509");
            ks = KeyStore.getInstance("JKS");
  //          ks.load(new FileInputStream("testkeys"), passphrase);
            ks.load(new FileInputStream("clientkey"), passphrase);
            kmf.init(ks, passphrase);
            ctx.init(kmf.getKeyManagers(), null, null);
            factory = ctx.getSocketFactory();
       } catch (Exception e) {
            throw new IOException(e.getMessage());
       SSLSocket socket = (SSLSocket)factory.createSocket(host, port);
       * send http request
       * See SSLSocketClient.java for more information about why
       * there is a forced handshake here when using PrintWriters.
       socket.startHandshake();
       PrintWriter out = new PrintWriter(
                      new BufferedWriter(
                      new OutputStreamWriter(
                      socket.getOutputStream())));
       out.println("GET " + path + " HTTP/1.1");
            /* Some internet sites throw bad request error for HTTP/1.1 req if hostname is not specified so the foll line */
            out.println("Host: " + host);
       out.println();
       out.flush();
       * Make sure there were no surprises
       if (out.checkError())
            System.out.println(
            "SSLSocketClient: java.io.PrintWriter error");
       /* read response */
       BufferedReader in = new BufferedReader(
                      new InputStreamReader(
                      socket.getInputStream()));
       String inputLine;
       while ((inputLine = in.readLine()) != null)
            System.out.println(inputLine);
       in.close();
       out.close();
       socket.close();
       } catch (Exception e) {
       e.printStackTrace();
  The Server code :
  * @(#)ClassFileServer.java     1.5 01/05/10
  * Copyright 1995-2002 Sun Microsystems, Inc. All Rights Reserved.
  * Redistribution and use in source and binary forms, with or
  * without modification, are permitted provided that the following
  * conditions are met:
  * -Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  * -Redistribution in binary form must reproduct the above copyright
  * notice, this list of conditions and the following disclaimer in
  * the documentation and/or other materials provided with the
  * distribution.
  * Neither the name of Sun Microsystems, Inc. or the names of
  * contributors may be used to endorse or promote products derived
  * from this software without specific prior written permission.
  * This software is provided "AS IS," without a warranty of any
  * kind. ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
  * WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY,
  * FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE HEREBY
  * EXCLUDED. SUN AND ITS LICENSORS SHALL NOT BE LIABLE FOR ANY
  * DAMAGES OR LIABILITIES SUFFERED BY LICENSEE AS A RESULT OF OR
  * RELATING TO USE, MODIFICATION OR DISTRIBUTION OF THE SOFTWARE OR
  * ITS DERIVATIVES. IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE
  * FOR ANY LOST REVENUE, PROFIT OR DATA, OR FOR DIRECT, INDIRECT,
  * SPECIAL, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER
  * CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF
  * THE USE OF OR INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN
  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
  * You acknowledge that Software is not designed, licensed or
  * intended for use in the design, construction, operation or
  * maintenance of any nuclear facility.
  import java.io.*;
  import java.net.*;
  import java.security.KeyStore;
  import javax.net.*;
  import javax.net.ssl.*;
  import javax.security.cert.X509Certificate;
  /* ClassFileServer.java -- a simple file server that can server
  * Http get request in both clear and secure channel
  * The ClassFileServer implements a ClassServer that
  * reads files from the file system. See the
  * doc for the "Main" method for how to run this
  * server.
  public class ClassFileServer extends ClassServer {
  private String docroot;
  private static int DefaultServerPort = 2001;
  * Constructs a ClassFileServer.
  * @param path the path where the server locates files
  public ClassFileServer(ServerSocket ss, String docroot) throws IOException
       super(ss);
       this.docroot = docroot;
  * Returns an array of bytes containing the bytes for
  * the file represented by the argument <b>path</b>.
  * @return the bytes for the file
  * @exception FileNotFoundException if the file corresponding
  * to <b>path</b> could not be loaded.
  public byte[] getBytes(String path)
       throws IOException
       System.out.println("reading: " + path);
       File f = new File(docroot + File.separator + path);
       int length = (int)(f.length());
       if (length == 0) {
       throw new IOException("File length is zero: " + path);
       } else {
       FileInputStream fin = new FileInputStream(f);
       DataInputStream in = new DataInputStream(fin);
       byte[] bytecodes = new byte[length];
       in.readFully(bytecodes);
       return bytecodes;
  * Main method to create the class server that reads
  * files. This takes two command line arguments, the
  * port on which the server accepts requests and the
  * root of the path. To start up the server: <br><br>
  * <code> java ClassFileServer <port> <path>
  * </code><br><br>
  * <code> new ClassFileServer(port, docroot);
  * </code>
  public static void main(String args[])
       System.out.println(
       "USAGE: java ClassFileServer port docroot [TLS [true]]");
       System.out.println("");
       System.out.println(
       "If the third argument is TLS, it will start as\n" +
       "a TLS/SSL file server, otherwise, it will be\n" +
       "an ordinary file server. \n" +
       "If the fourth argument is true,it will require\n" +
       "client authentication as well.");
       int port = DefaultServerPort;
       String docroot = "";
       if (args.length >= 1) {
       port = Integer.parseInt(args[0]);
       if (args.length >= 2) {
       docroot = args[1];
       String type = "PlainSocket";
       if (args.length >= 3) {
       type = args[2];
       try {
       ServerSocketFactory ssf =
            ClassFileServer.getServerSocketFactory(type);
       ServerSocket ss = ssf.createServerSocket(port);
       if (args.length >= 4 && args[3].equals("true")) {
            ((SSLServerSocket)ss).setNeedClientAuth(true);
       new ClassFileServer(ss, docroot);
       } catch (IOException e) {
       System.out.println("Unable to start ClassServer: " +
                 e.getMessage());
       e.printStackTrace();
  private static ServerSocketFactory getServerSocketFactory(String type) {
       if (type.equals("TLS")) {
       SSLServerSocketFactory ssf = null;
       try {
            // set up key manager to do server authentication
            SSLContext ctx;
            KeyManagerFactory kmf;
            KeyStore ks;
            char[] passphrase = "passphrase".toCharArray();
            ctx = SSLContext.getInstance("TLS");
            kmf = KeyManagerFactory.getInstance("SunX509");
            ks = KeyStore.getInstance("JKS");
  //          ks.load(new FileInputStream("testkeys"), passphrase);
            ks.load(new FileInputStream("serverkey"), passphrase);
            kmf.init(ks, passphrase);
            ctx.init(kmf.getKeyManagers(), null, null);
            ssf = ctx.getServerSocketFactory();
            return ssf;
       } catch (Exception e) {
            e.printStackTrace();
       } else {
       return ServerSocketFactory.getDefault();
       return null;
  Could anyone help ?
  thanks in advance
  Jayaprakash

  The same thing.
  I have found the place where the exception throws.
  It is com.sun.net.ssl.internal.ssl.AVA class.
  It has a constructor AVA(StringReader)
  There is a check in this constructor of different certificate extensions
  (if-else). If it sees no familiar extension it throws exception and handshake fails.
  It is not difficult to fix this problem: just ignore unknown extension.
  Everything works fine with this "improved" class (under VA 3.5).
  But the problem is - the using of this class in applets.
  How can I say the browser to use my "improved" class and not the one it downloaded with java plug-in?

• Problem in SSL programation client in Weblogic 5.1 using JSSE

  How to solve this Exception. When I sent more than 8000 bytes of data in the request weblogic 5.1 in solaris server gives me this error. But the same server and same configuration in Window NT with same SSLClient program does not give any expection even if i send 60000 bytes in the request.
  SSLClient Program used given below. How to solve this problem. Any server setting is required.
  Exception got in the weblogic server 5.1 in solaris server
  weblogic.socket.MaxMessageSizeExceededException: [Incoming HTTP request headers of size 8320 bytes exceeds the configured maximum of 8192 bytes]
  at weblogic.socket.MuxableSocketHTTP.incrementBufferOffset(MuxableSocketHTTP.java:111)
  at weblogic.socket.SSLFilter.isMessageComplete(SSLFilter.java:195)
  at weblogic.socket.PosixSocketMuxer.processSockets(PosixSocketMuxer.java:361)
  at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:23)
  at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:129)
  SSLClient Program used: JSSE 1.0.2 package is used for SSL
  import java.io.*;
  import javax.net.ssl.*;
  import java.net.*;
  import com.sun.net.ssl.*;
  import java.security.KeyStore;
  public class SSLClient {
       public SSLClientCheck()
            System.out.println(" SSLClient is instantiated ...");     
       public String getSSLConnection(String host,String port,String keystorepwd,String truststorepwd,
                                          String keystorepath,String truststorepath,String filepath,String parName,String message)throws Exception
            String output = "";
            int iport = Integer.parseInt(port);
                           SSLSocketFactory factory = null;          
                           SSLContext ctx;
                           KeyManagerFactory kmf;                         
                           KeyStore ks;                         
                           KeyStore ks2;
                           TrustManagerFactory tmf;
                           char[] storepass = keystorepwd.toCharArray();
                           char[] truststorepass = truststorepwd.toCharArray();
                           ctx = SSLContext.getInstance("SSLv3");                    
                           kmf = KeyManagerFactory.getInstance("SunX509");
                           ks = KeyStore.getInstance("JKS");                         
                           ks.load(new FileInputStream(keystorepath), storepass);
                           kmf.init(ks, storepass);                         
                           tmf = TrustManagerFactory.getInstance("SunX509");                         
                           ks2 = KeyStore.getInstance("JKS");
                           ks2.load(new FileInputStream(truststorepath), truststorepass);
                           tmf.init(ks2);
                           ctx.init(kmf.getKeyManagers(),tmf.getTrustManagers(), null);     
                           factory = ctx.getSocketFactory();
                 SSLSocket socket = (SSLSocket)factory.createSocket(host,iport);
                 socket.startHandshake();
                 PrintWriter out = new PrintWriter(
                                new BufferedWriter(
                                new OutputStreamWriter(
                                     socket.getOutputStream())));
                 out.println("GET " + filepath+"?"+parName+"="+URLEncoder.encode(message) + " HTTP/1.0");
                 out.println();
                 out.flush();
                 if (out.checkError())
                      System.out.println("SSLSocketClient: java.io.PrintWriter error");
                 /* read response */
                 BufferedReader in = new BufferedReader(
                                new InputStreamReader(
                                socket.getInputStream()));
                      String inputLine ;                    
                      while ((inputLine = in.readLine()) != null){                         
                      output = output+inputLine;
                           //System.out.println(inputLine);                    
                 in.close();
                 out.close();
                 socket.close();                    
            return output;
       public static void main(String args[])
                 String host = "host name";
                 String port="7001";
                 String keystorepwd="cqrcqr";
                 String keystorepwd="changeit";
                 String keystorepath ="d:/weblogic/myserver/certificate/cqrstore";
                 String truststorepath="d:/jdk1.3/jre/security/cacerts";
                 String filepath="/servlets/SSLDemo";
                 String parName="xml_message";
                 String message="xml message";// of size more than 9000 bytes
            try{
            SSLClient ssl = new SSLClient();
            String output = ssl.getSSLConnection(host,port,keystorepwd,keystorepwd,keystorepath,truststorepath,filepath,parName,message);
            System.out.println(output);
            catch(Exception e)
                 e.printStackTrace();
  }

  Maybe you should consider upgrading your Weblogic to a newer one. It might resolve the issue.

• Help with java.lang.ClassCastException in JSSE

  I need an urgent help.
  i am writing code in JSSE for getting Server certificater(through SSL)
  i wrote
  public class url
  public static void main(String[] args)
  try
  System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.www.protocol");
  Security.addProvider(new Provider());
  URL url=new URL("https://localhost:8443");
  HttpsURLConenction urlc=(HttpsURLConnection) url.openConnection();
  catch(Exception e)
  System.out.println(e);
  when i am executing this programing, i am getting the following run time error
  java.lang.ClassCastException
  I think i am getting error for the following line of code
  " HttpsURLConenction urlc=(HttpsURLConnection)url.openConnection(); "
  Please help me out to overcome this run time error.
  I would be grateful to you if you can solve my error

  Hi all
  I have the same error:
  java.lang.ClassCastException: com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnectionOldImpl
  MY CODE IS:
  // Set the system and security properties
                 System.setProperty("javax.net.ssl.trustStore",
                           "C:\\certificados\\cacerts");
                 System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
                 // Keystore location and password
                 System.setProperty("javax.net.ssl.keyStore",
                           "C:\\certificados\\keystore");
                 System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
  //Set the request
  String url_ = "https://195.235.160.165";
  //Creamos la petici�n html
  StringBuffer buffer = new StringBuffer();
  buffer.append(url_);
  buffer.append("/GPP/WLServer?Method=M_FINDIT&CLIENT=");
  buffer.append(client);
  buffer.append("&CLI_PASSWD=");
  buffer.append(cli_passwd);
  buffer.append("&USER=");
  buffer.append(user_login);
  buffer.append("&USER_PASSWD=");
  buffer.append(user_passwd);
  buffer.append("&TUSERID=");
  buffer.append(MSISDN);
  buffer.append("&TUSERID_TYPE=MSISDN");
  buffer.append("&GROUP=");
  buffer.append(group_id);
  buffer.append("&SRS=GPP:UTM28");
  url_ = buffer.toString();
  URL url = new URL(url_);
  HttpsURLConnection conn = (HttpsURLConnection)url.openConnection();
  conn.setHostnameVerifier(new HostnameVerifier() {
  public boolean verify(String hostname, SSLSession session)
  // I don't care if the certificate doesn't match host name
  return true;
  BufferedReader in = new BufferedReader(
                      new InputStreamReader(
                      conn.getInputStream()));
  //Creates a writer with the encoding parameter as "UTF-8"
  Writer out_ = new OutputStreamWriter(response.getOutputStream(), "UTF-8" );
  String inputLine;
       String fichero_in = "";
       while ((inputLine = in.readLine()) != null){               
       if(inputLine.length()!=0){
            System.out.println(inputLine);
            fichero_in = inputLine;
            out_.write(inputLine);
       in.close();
  //Sets the Content-Type header
  response.setContentType("application/xml; charset=utf-8");
       //response.setContentType("text/html; charset=UTF-8");
  //Sends the response XML to the client
  out_.write(url_);
  //out_.write(fichero_in);
  out_.flush();
  response.sendRedirect(response.encodeRedirectURL("out_"));
  Anyone can hel me??
  Thanks in advance

• Proxy Client response table with empty lines

  Hi,
  I'm consumig external webservice with ABAP (No XI scenario) and comuncation it seems correct. When I execute the client proxy from SE80 directly, I can see the XML response with table element ans its respectives contens.
  Unfortunately, when I call the proxy trhough a program, the table returned by te proxy client is filled with lines but each field of line is empty. It seems all is ok.
  I tried to regenerate proxy client and i have the same problem.
  Anybody knows what is the problem? I tried to debug but I don't konw how to see where SAP converts the XML to ABAP objects.
  Thanks,
  Regards

  Well, you have to tell Outlook to trust the server's root certificate, however than is done, or use a certificate at the server which is trusted by Outlook, for which see the JDK Guide to Features->Security->JSSE.
  The empty strings will solve themselves once the client trusts the server, but you shouldn't be using readLine, you should be reading bytes and decoding according to the POP3 or IMAP protocol definitions.

• Proxy authentication doesn't work with JSSE

  Hello,
  Seems like there is no common way to authenticate with proxy for HTTP and HTTPS.
  Connecting to http://... - works fine, but https://... returns error message:
  Unable to tunnel through 111.111.111.111:8080. Proxy returns "HTTP/1.0 407 Proxy Authentication Required"
  (IP address is intentionally changed in the message above)
  I'm using JSSE with VAJ JDK 1.2 and here is a Java code snippet that works well with HTTP connections:
  Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
  System.setProperty("java.protocol.handler.pkgs",
  "com.sun.net.ssl.internal.www.protocol");
  System.setProperty("https.proxyHost", proxyHost);
  System.setProperty("https.proxyPort", proxyPort);
  System.setProperty("http.proxyHost", proxyHost);
  System.setProperty("http.proxyPort", proxyPort);
  try {
  URL url = new URL("https://www.sun.com");
  URLConnection connection = url.openConnection();
  String authString = proxyUserID + ":" + proxyPasswd;
  String encodedAuthString =
  "Basic " + new sun.misc.BASE64Encoder().encode(authString.getBytes());
  connection.setUseCaches(false);
  connection.setRequestProperty("Proxy-authorization", encodedAuthString);
  Listening to the network traffic helped me to understand that there is a difference between the way HTTP and HTTPS is handled. For some reason HTTPS ignores all the headers that I specify using setRequestProperty().
  Here is example of request and responses sent by HTTPS handler:
  Request:
  CONNECT 198.175.98.32:443 HTTP/1.0
  User-Agent: JSSE
  Proxy response:
  HTTP/1.0 407 Proxy Authentication Required
  Date: Wed, 07 Nov 2001 22:04:11 GMT
  Content-Length: 233
  Content-Type: text/html
  Server: NetCache (NetApp/5.1R2D4)
  Proxy-Authenticate: basic realm="NETCACHE2"
  Please note that there is no Proxy-authorization header in the request above.
  Compare it with HTTPS request sent by Netscape browser:
  Request to proxy:
  CONNECT www.sun.com:443 HTTP/1.0
  Proxy-authorization: Basic am0vbDphrGxHa22lLg==
  User-Agent: Mozilla/4.76 [en] (Windows NT 5.0; U)
  Response:
  HTTP/1.0 200 Connection established
  Proxy-Agent: NetCache NetApp/5.1R2D4
  So, the question is:
  What is the best way to pass "Proxy-authorization" header to proxy server??
  Thanks in advance for your time.

  Hi Guys,
  Just like, i assume, all of you, i've had my battles with javas' handling of https comms from behind a firewall. I'm actually amazed at how something that is a simple combination of protocol and security should become so messy.
  Luckily , i managed to get all my requirements met, but the sad thing is after all that hard work, i'm not much closer to understanding why the standard java sdk (im using 1.4) forces us to endure such painful tasks.
  Really, Java is quite a mature language now, and one of its touted benefits is its applicability to web and internet technologies... so why the messy proxy code when dealing with ssl?
  Anyway, i didn't really come here to b**tch, but rather to point you all to a handy library from apache - httpClient - http://jakarta.apache.org/commons/httpclient.
  After implementing ssl proxy tunnelling and all the fun that goes with it, i found this tool, and subsequently deleted all that ugly code, and let http client deal with all that for me.
  Its seriously simple, heres a snippet:
  httpClient = new HttpClient();
  httpClient.setTimeout(responseTimeoutMillies);
  Protocol myHttps = new Protocol("https", new SSLContextBasedSocketFactory(sslContext), targetServerPort);
  httpClient.getHostConfiguration().setHost(targetServerHost, targetServerPort, myHttps);
  if (useProxy)
       httpClient.getHostConfiguration().setProxy(proxyHost, proxyPort);
          httpClient.getState().setProxyCredentials("my-proxy-realm", proxyHost, new UsernamePasswordCredentials(proxyUser, proxyPassword));
  }This initialises the client, and after this, making http requests is simple:
  String response = null;
  PostMethod postMethod = new PostMethod("/secure/blah.jsp"); // A HTTP Post
  postMethod.setRequestBody("Hello there"); // this is the data in the http post body
  int responseCode = httpClient.executeMethod(postMethod);
  if(responseCode == 200)
      response = postMethod.getResponseBody();...
  As you can see, its alot less painful. It certainly makes me feel better, knowing i don't have to support/maintain the ugly proxy tunnelling code. Give it a shot on your next project.
  Hope it helps.
  Regards
  Marcus Eaton

• Class com.ibm.jsse.be configured for a TrustManagerFactory : Help needed

  Hi
  I am getting the following runtime error when trying for a HTTPS connection from my java code.
  Runtime Error : Class com.ibm.jsse.be configured for a TrustManagerFactory: not a TrustManagerFactory Action: 4 Class: com.americanexpress.teen.common.fis.FISInterface Method: getFISTestData(String fisURL) Exception:java.net.SocketException: Class com.ibm.jsse.be configured for a TrustManagerFactory: not a TrustManagerFactory
       at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
       at com.ibm.net.ssl.www.protocol.https.b.b(Unknown Source)
       at com.ibm.net.ssl.www.protocol.http.bs.a(Unknown Source)
       at com.ibm.net.ssl.www.protocol.http.bs.o(Unknown Source)
       at com.ibm.net.ssl.www.protocol.https.b.<init>(Unknown Source)
       at com.ibm.net.ssl.www.protocol.https.b.a(Unknown Source)
       at com.ibm.net.ssl.www.protocol.https.b.a(Unknown Source)
       at com.ibm.net.ssl.www.protocol.https.b.a(Unknown Source)
       at com.ibm.net.ssl.www.protocol.https.p.b(Unknown Source)
       at com.ibm.net.ssl.www.protocol.https.p.connect(Unknown Source)
       at com.ibm.net.ssl.www.protocol.http.bw.getInputStream(Unknown Source)
       at com.ibm.net.ssl.www.protocol.http.bw.getHeaderField(Unknown Source)
       at com.ibm.net.ssl.www.protocol.http.bw.getResponseCode(Unknown Source)
       at com.ibm.net.ssl.internal.www.protocol.https.HttpsURLConnection.getResponseCode(Unknown Source)
       at com.americanexpress.teen.common.fis.FISInterface.getFISTestData(FISInterface.java:2238)
       at org.apache.jsp._fisTestPage._jspService(_fisTestPage.java:112)
       at com.ibm.ws.webcontainer.jsp.runtime.HttpJspBase.service(HttpJspBase.java:89)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.ibm.ws.webcontainer.jsp.servlet.JspServlet$JspServletWrapper.service(JspServlet.java:344)
       at com.ibm.ws.webcontainer.jsp.servlet.JspServlet.serviceJspFile(JspServlet.java:669)
       at com.ibm.ws.webcontainer.jsp.servlet.JspServlet.service(JspServlet.java:767)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
       at com.ibm.ws.webcontainer.servlet.StrictServletInstance.doService(StrictServletInstance.java:110)
       at com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet._service(StrictLifecycleServlet.java:174)
       at com.ibm.ws.webcontainer.servlet.IdleServletState.service(StrictLifecycleServlet.java:313)
       at com.ibm.ws.webcontainer.servlet.StrictLifecycleServlet.service(StrictLifecycleServlet.java:116)
       at com.ibm.ws.webcontainer.servlet.ServletInstance.service(ServletInstance.java:283)
       at com.ibm.ws.webcontainer.servlet.ValidServletReferenceState.dispatch(ValidServletReferenceState.java:42)
       at com.ibm.ws.webcontainer.servlet.ServletInstanceReference.dispatch(ServletInstanceReference.java:40)
       at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:61)
       at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.handleWebAppDispatch(WebAppRequestDispatcher.java:974)
       at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.dispatch(WebAppRequestDispatcher.java:564)
       at com.ibm.ws.webcontainer.webapp.WebAppRequestDispatcher.forward(WebAppRequestDispatcher.java:200)
       at com.ibm.ws.webcontainer.srt.WebAppInvoker.doForward(WebAppInvoker.java:119)
       at com.ibm.ws.webcontainer.srt.WebAppInvoker.handleInvocationHook(WebAppInvoker.java:276)
       at com.ibm.ws.webcontainer.cache.invocation.CachedInvocation.handleInvocation(CachedInvocation.java:71)
       at com.ibm.ws.webcontainer.srp.ServletRequestProcessor.dispatchByURI(ServletRequestProcessor.java:182)
       at com.ibm.ws.webcontainer.oselistener.OSEListenerDispatcher.service(OSEListener.java:334)
       at com.ibm.ws.webcontainer.http.HttpConnection.handleRequest(HttpConnection.java:56)
       at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:618)
       at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:439)
       at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:672)
  My application is trying to a https://xyz.com from java code and i am getting the above exception.
  I tried connecting to "https://xyz.com " from my workspace via Websphere 5.1 server and my server is throwing the above exception. I have extened the ibmjsse provided by WAS 5.1 and using it for connecting to the HTTPS URL.
  I feel the above problem might be due to network issues. Please help me in resolving the same.
  Thanks in advance !!!!!

  Steps i have done to ensure the connectivity :
  Method A :
  1) I imported the pfx and CA certificates given by xyz.com in my web browser (IE)
  2) After that, I tried connecting to "https://xyz.com" from browser and getting a proper response.
  Method B :
  1) I updated the jre cacert with CA certificate given by xyz.com
  2) Loaded the pfx keystore from my java client code program and ran it as a java standalone code and got the proper response.
  My java code
  import java.io.*;
  import java.net.*;
  import javax.net.ssl.HttpsURLConnection;
  import javax.net.ssl.*;
  import java.security.*;
  import java.sql.Time;
  public class HTTPSConnect{
       public static void main(String[] args)
                 URL url;
                 StringBuffer buffer;
                 String line;
                 int responseCode=0;
                 HttpsURLConnection connection = null;
                 InputStream input;
                 BufferedReader dataInput;
                 //FIS Sample URL
                 String fisURL = "https://xyz.com";
                 String fisResp = "";
                 try
                 Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
                 System.setProperty("javax.net.debug", "all");
                 String path = "F:\\MyCertificate.pfx";
                 String type = "pkcs12";
                 String password = "abc123";
                 System.setProperty("javax.net.ssl.keyStoreType", type);
                 System.setProperty("javax.net.ssl.keyStore",path);
                 System.setProperty("javax.net.ssl.keyStorePassword",password);
                      url = new URL(fisURL);
                      //Create the connection
                      connection = (HttpsURLConnection) url.openConnection();
                      connection.setUseCaches(false);
                      //Get the response code for the HTTPS connection
                      responseCode = connection.getResponseCode();
                 if (200 == responseCode)
                      buffer = new StringBuffer();
                      //Getting the FIS Response XML using the Stream reader
                      input = connection.getInputStream();
                      dataInput = new BufferedReader(new InputStreamReader(input));
                           while ((line = dataInput.readLine()) != null)
                                buffer.append(line);
                                buffer.append('\n');
                      fisResp = (String) buffer.toString().trim();
                 else
                      System.out.println("HTTP Status-Code : " + responseCode);
                 catch (MalformedURLException mue)
                      System.out.println("Exception in URL : " + mue.getMessage() );
                      mue.printStackTrace();
                 catch (IOException ioe)
                      System.out.println("IO Exception : " + ioe.getMessage() );
                      ioe.printStackTrace();
                 catch (Exception e)
                      System.out.println("Exception : " + e.getMessage() );
                      e.printStackTrace();
                 System.out.println("FIX XML Response : " + fisResp);
                 System.out.println("Response Code of HTTPS Connection : " + responseCode);
  Please let me know if i am missing something :)

• Proxy authorization doesn't work with JSSE 1.02

  Hello,
  Seems like there is no common way to authenticate with proxy for HTTP and HTTPS.
  Connecting to http://... - works fine, but https://... returns error message:
  Unable to tunnel through 111.111.111.111:8080. Proxy returns "HTTP/1.0 407 Proxy Authentication Required"
  (IP address is intentionally changed in the message above)
  I'm using JSSE with VAJ JDK 1.2 and here is a Java code snippet that works well with HTTP connections:
       Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
       System.setProperty("java.protocol.handler.pkgs",
            "com.sun.net.ssl.internal.www.protocol");
       System.setProperty("https.proxyHost", proxyHost);
       System.setProperty("https.proxyPort", proxyPort);
       System.setProperty("http.proxyHost", proxyHost);
       System.setProperty("http.proxyPort", proxyPort);
       try {
            URL url = new URL("https://www.sun.com");
            URLConnection connection = url.openConnection();
            String authString = proxyUserID + ":" + proxyPasswd;
            String encodedAuthString =
                 "Basic " + new sun.misc.BASE64Encoder().encode(authString.getBytes());
            connection.setUseCaches(false);
            connection.setRequestProperty("Proxy-authorization", encodedAuthString);
  Listening to the network traffic helped me to understand that there is a difference between the way HTTP and HTTPS is handled. For some reason HTTPS ignores all the headers that I specify using setRequestProperty().
  Here is example of request and responses sent by HTTPS handler:
  Request:
  CONNECT 198.175.98.32:443 HTTP/1.0
  User-Agent: JSSE
  Proxy response:
  HTTP/1.0 407 Proxy Authentication Required
  Date: Wed, 07 Nov 2001 22:04:11 GMT
  Content-Length: 233
  Content-Type: text/html
  Server: NetCache (NetApp/5.1R2D4)
  Proxy-Authenticate: basic realm="NETCACHE2"
  Please note that there is no Proxy-authorization header in the request above.
  Compare it with HTTPS request sent by Netscape browser:
  Request to proxy:
  CONNECT www.sun.com:443 HTTP/1.0
  Proxy-authorization: Basic am0vbDphrGxHa22lLg==
  User-Agent: Mozilla/4.76 [en] (Windows NT 5.0; U)
  Response:
  HTTP/1.0 200 Connection established
  Proxy-Agent: NetCache NetApp/5.1R2D4
  So, the question is:
  What is the best way to pass "Proxy-authorization" header to proxy server??
  Thanks in advance for your time.

  Hi, I am also facing same problem
  Software : Weblogic jdk1.3.1
  If anyone know the solution ,Please help me
  Thanks,
  Suneel

• IBM JSSE SSL is very slow under AIX

  When I select the JSSE SSL implementation under AIX my WLS instance becomes very, very slow. Response times for simple user actions are ~26 sec. while the CPU is idle. I select the JSSE implemenation in the WLS Admin Console as follows:
  Environment > Servers > AdminServer > SSL > Advanced > Use JSSE SSL
  I configured WLS to use TLSv1 as described in:
  Client-cert atn fails under AIX
  My JDK is IBM J9 SR-9. I'm not able to reproduce this issue with the J9 SR-9 build for Win32.
  Is this a known issue under AIX? And is there any workaround available?
  Thanks in advance!
  Bas

  When I select the JSSE SSL implementation under AIX my WLS instance becomes very, very slow. Response times for simple user actions are ~26 sec. while the CPU is idle. I select the JSSE implemenation in the WLS Admin Console as follows:
  Environment > Servers > AdminServer > SSL > Advanced > Use JSSE SSL
  I configured WLS to use TLSv1 as described in:
  Client-cert atn fails under AIX
  My JDK is IBM J9 SR-9. I'm not able to reproduce this issue with the J9 SR-9 build for Win32.
  Is this a known issue under AIX? And is there any workaround available?
  Thanks in advance!
  Bas

• Classloader Exception when using JSSE within WL 6.1 SP4

  I am trying to use JSSE to create my own SSL listener within weblogic. It works
  fine when I use it outside weblogic but I seem to run into a wierd classloader
  issue when I try to bring up the listener, from within weblogic, as part of a
  startup class.
  From what I can tell, weblogic seems to load some classes from the com.RSA.jsafe
  that are potentially unsigned or has a different signature than the classes that
  are loaded from jsse jar. This happens only when weblogic's SSL port is enabled.
  Anyone know how to get around this? The only way I was able to get around this
  is by specifying
  "com.sun.net.ssl.internal.ssl.Provider" as the first security provider in the
  java.security file but I would like to avoid this, if possible.
  java.security.NoSuchAlgorithmException: class com.sun.net.ssl.internal.ssl.JSA_RSAKeyFactory
  configured for KeyFactory(provider: null) cannot be accessed.
  class "COM.rsa.jsafe.SunJSSE_aa"'s signer information does not match signer information
  of other classes in the same package
       at com.epiphany.shr.push.webserver.JsseListener.newServerSocket(JsseListener.java:165)
       at com.epiphany.shr.push.webserver.BaseListener.start(BaseListener.java:302)
       at com.epiphany.shr.push.webserver.SocketListener.start(SocketListener.java:64)
       at com.epiphany.shr.push.webserver.HttpServer.start(HttpServer.java:111)
       at com.epiphany.shr.push.webserver.HttpServer.startHttpServer(HttpServer.java:45)

  Hi Yatin,
  I cannot comment on whether you have taken the correct approach but if you are
  not running Service Pack 2 I believe there are a couple of JSSE fixes in it.
  Kind Regards,
  Richard Wallace
  Senior Developer Relations Engineer
  BEA Support.
  "Yatin Kulkarni" <[email protected]> wrote:
  >
  >
  >
  Hi,
  I am attaching a small servlet that I wrote and tested on a Tomcat server
  that
  uses JSSE and HTTPS to communicate with an authentication server. Once,
  I had
  JSSE properly configured under Tomcat the code worked just fine. However,
  when
  I deployed the servlet on a WebLogic 6.1 server (all the three jar files
  jcert.jar,
  jnet.jar, and jsse.jar are in the servers class path and a security provider
  has
  been added to the java.security file for the JDK) I am not getting any
  certificates
  from the authentication server and I also get the following exception
  java.io.FileNotFoundException: Response: '403: Forbidden' for url: 'https://<authentication
  server url>
  Am I forgetting something? What is the suggested process for using JSSE
  with WebLogic
  6.1?
  Any help on this matter would be greatly appreciated.
  Regards,
  Yatin Kulkarni
  Fremont, CA

• Does Weblogic provide JSSE-like API?

  Does weblogic's SSL implementation provide an API that's like the one
  provided by SUN's reference implementation (i.e. javax.net, javax.net.ssl,
  etc.) so that a java client can do SSLSocket connection with a weblogic
  powered web site?
  Thanks,
  Honbo

  Thanks again! Robert.
  Any comments on the client certificate to user mapping debugging question?
  Honbo
  "Robert Patrick" <[email protected]> wrote in message
  news:[email protected]..
  I believe that we use JSafe from RSA internally. I don't have anyspecific
  recommendations one way or the other...
  Honbo Zhou wrote:
  Hi, Robert,
  Thanks for the response. I do need to use the socket level API instead
  of
  the RMI-based java clients. Which package/implementation do you
  recommend other than the refenece implementation (JSSE) from SUN?
  Thanks again,
  Honbo
  "Robert Patrick" <[email protected]> wrote in message
  news:[email protected]..
  If you want to use SSL from a remote Java Client (i.e., RMI client),
  then
  simply change the PROVIDER_URL specified to the InitialContextconstructor
  from "t3://hostname:port" to either "t3s://hostname:port" or
  "https://hostname:port".
  We are not allowed by our licensing agreement with our SSL provider toexport
  generic SSL capabilities at the socket level. If you need this, then
  you
  will
  need to use another package that contains this type of functionality.
  Hope this helps,
  Robert
  Honbo Zhou wrote:
  Does weblogic's SSL implementation provide an API that's like the
  one
  provided by SUN's reference implementation (i.e. javax.net,javax.net.ssl,
  etc.) so that a java client can do SSLSocket connection with a
  weblogic
  powered web site?
  Thanks,
  Honbo

• Sun JSSE intergration with WebLogic

  First, I should state that I have been able to get my application to work in Tomcat
  and run on it's own, but not in WebLogic.
  Has anyone used Sun's JSSE implementation from within WebLogic? Is it possible
  to do so?
  I have set the following properties:
  System.setProperty("java.protocol.handler.pkgs",
  "com.sun.net.ssl.internal.www.protocol");
  System.setProperty("javax.net.ssl.keyStoreType",
  "pkcs12");
  System.setProperty("javax.net.ssl.keyStore",
  keystore);
  System.setProperty("javax.net.ssl.keyStorePassword",
  keyStorePassword);
  System.setProperty("javax.net.ssl.trustStore",
  trustStore);
  System.setProperty("javax.net.ssl.trustStorePassword",
  trustStorePassword);
  Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
  I get the following exception when writing to the output stream of HttpsURLConnection:
  java.io.IOExceptionWrite Channel Closed, possible SSL handshaking or trust failure
  I am not that familiar with Weblogic, so any suggestions are welcome.

  No, the loadLocalIdentity methods that take InputStream-s expect streams for the
  certificate and the key pem files, with the key in pkcs8 format. If your certificate
  is in pkcs12 keystore, you can read the cert and the key using java keystore api,
  and then load them with the loadLocalIdentity(Certificate[], PrivateKey) method.
  Pavel.
  "Dave" <[email protected]> wrote:
  >
  Thanks for the response I appreciate it. I do have some follow up questions
  you
  may be able to help me with.
  This application is performing two way SSL, but in this case my web app
  (deployed
  in WLS) is the client. Making a https call to public server that requires
  the
  client certificate. The public server issues the client certificates
  in pkcs12
  format. Can the weblogic.net.http.HttpsURLConnection class or WebLogic
  SSL implementation
  handle that format?
  Thanks.
  "tm" <no-reply> wrote:
  From a coworker:
  It sounds like in this particular case they are using an URL to open
  the
  connection.
  On the server this will return a weblogic.net.http.HttpsURLConnection,
  which
  does not support the jsse configuration properties.
  In the case of a one way connection they might be able to fix this by
  setting weblogic.security.SSL.trustedCAKeyStore instead.
  For two way they would need to use our HttpsURLConnection api to load
  identity.
  -tm
  "tm" <no-reply> wrote in message news:[email protected]...
  To the best of my knowledge, BEA doesn't test or claim to support
  any
  scenarios with Sun JSSE running inside a WLS server when the WLS serveris
  setup to use SSL. However, it might work.
  In any case, to see what WLS SSL is complaining about, turn on SSLdebug
  tracing:
  -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true
  -tm
  "Dave" <[email protected]> wrote in message
  news:[email protected]...
  First, I should state that I have been able to get my application
  to
  work
  in Tomcat
  and run on it's own, but not in WebLogic.
  Has anyone used Sun's JSSE implementation from within WebLogic?
  Is
  it
  possible
  to do so?
  I have set the following properties:
  System.setProperty("java.protocol.handler.pkgs",
  "com.sun.net.ssl.internal.www.protocol");
  System.setProperty("javax.net.ssl.keyStoreType",
  "pkcs12");
  System.setProperty("javax.net.ssl.keyStore",
  keystore);
  System.setProperty("javax.net.ssl.keyStorePassword",
  keyStorePassword);
  System.setProperty("javax.net.ssl.trustStore",
  trustStore);
  System.setProperty("javax.net.ssl.trustStorePassword",
  trustStorePassword);
  Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
  I get the following exception when writing to the output stream
  of
  HttpsURLConnection:
  java.io.IOExceptionWrite Channel Closed, possible SSL handshaking
  or
  trust
  failure
  I am not that familiar with Weblogic, so any suggestions are welcome.

• Responsive Mobile Menus: Open and close on browser, but not in mobile?

  I have two responsive jquery menus I am working with. In the desktop browser they both look and operate fine (full screen and mobile size), but when that same responsive page with menu is viewed on an actual phone (Android and iphone), the menus both: SHOW FULLY OPENED WITH ALL PARENT AND CHILDREN?
  I believe I installed everyting properly (especially since it resizes and works perfect in a normal desk browser) -Dropsdown and Contracts back.
  Does anyone have any experience with this issue (Responsive menus works fine in a desktop browser, but shows completely opened, and will not drop or contract when viewed on an actual mobile phone, like Android or iphone?), and if so any guidance?
  Thanks very much

  Wow, you save me alot of time and headaches. You really know alot and are very helpful and taught me alot. Thank you for helping me, this is my first site I am still trying to build/get up, after years of on-off trying / learning/ abandoning (for other pursuits). This site is really important for me, and would mean alot for me to finally follow through on building.
  Do you know if this forums allows (or do you ever) add friends/contacts so you can message each other? I am somewhat a 'newbie', so I understand if problem, I would not bug/bother you, just curious and fully understand if not. (or do you ever contact via email, website, or other)?
  Also re: Vanilla Testing: I always test all my stuff on a blank HTML page with only the Boilerplate and JS that Dreamweaver provides. I don't know if I have the capability to fully do in something like notepad? Will this method (Boiler, JS, and blank HTML) suffice--No other Scripts--Not even my stylesheet?
  What do you think about this menu. Features seem good, has the most sales, good developer and support?
  http://themes.pixelworkshop.fr/?theme=MegaMenuCompleteSet

• Report on campaign response

  Hi All,
  There was a campaign launch at beginning of month, and now we are trying to do analysis on the campaign response. We have a field at contact level called Subsegment which can have values like Experienced RIA, Inexperienced Stock Broker etc. Now, I need to develop a report that would give a count of click through, open response, opt out, hard bounce and also their % based on sub segment field. I am able to develop report with count of click through, open response, opt out, hard bounce but when I develop a field with formula as (Metrics."# of Click Through"/Metrics."# of Recipients")*100 and put this field in pivot table, I get all erroneous data. The formula gives me all weird values, it display 0 then there should be 15 etc.
  Can anybody please help in indentifying what wrong am I doing.
  Thanks in Advance,

  Hi All,
  Never Mind Guys, i figured it out, i had to cast the data type as float to get the desired output, the system was orginally converting everything into integer and that's why i was getting weird results.
  Thanks,

• Multiple (but separate) domain problem & Apple's slow and useless response

  I am having problem with multiple (but separate) domain. I opened a ticket.
  Here is Apple's slow and useless response and my follow up.
  This follow up is not going to resolve the issues I am having. The sites are not in one domain file. I have split them into separate domains. I found that the simplest change to any page made the publishing process extremely and reasonably slow. If I updated a single site, iWeb republishes the whole conglomeration; hardly the most efficient way.
  I have several directories under the ~/Library/Application Support/iWeb/ directory with separate Domain.sites2 files for each site:
  consultingAM.com
  DarkAssassinMovie.com
  Fuzzy Llama Junior Optimist Club
  GulfportOptimist.com
  OptimistView
  pAwesomeProductions.com
  www.nfdoi.com
  With the previous version of iWeb, I navigated to a specific ~/Library/Application Support/iWeb/ directory, selected the Domain.site file, and opened it. This would open iWeb with the selected domain. Several of the sites have their blog page with the RSS subscribe option.
  Once I made the update, all I usually had to do was publish site and all was well. Occasionally, I would have to do a publish all if I changed domains. All in all, I had no problems with publishing once I found the right steps to be able to maintain multiple domains.
  Now, using the default publish or publish all process, all I get is the last site I published. In order to get things semi-functional, I published a site, then I would go to iDisk/Web/Sites/ directory, select the folder name for the site I had just published, then copy it or move it to iDisk/Web/Sites/iWeb directory. This was rather slow and I suspect it is not an approved solution, but it semi-worked. My sites are back up, but they are not fully functional.
  Is there anyway to get back to using the ~/Library/Application Support/iWeb/ directory (separate Domain.sites file for each site) process to publish multiple sites? If not, is there any way to suck in the various domains back into one? If that is possible, will it take hours to publish the combined 2-3GB like it did with the previous version?
  How do I reverse the 'personal domain' process? I do not want to do this at this time. I just wanted to see what the steps were. I have done the first step, but not the second.
  I was glad to see some of the changes made in the upgrade (web widgets, maps, html snippets, theme switching), but I am too happy about the changes made by the upgrade process. In the past, I upgraded my Apple related stuff as soon as it came out. Based on this upgrade, that won't happen again.
  It took you guys 5 days to get back to me (during which time several of my sites were down) and I do not believe the information you provided is going to solve my specific problems. I am very disappointed with the results of this upgrade. Clearly there was inadequate testing of this product before it was released. I cannot recall seeing the Apple discussion forums with hundreds of topics and thousands of posts within a week or two of a new release. Apple had to upgrade iWeb in the first week, another poor sign.
  Apple is beginning to slip back to the pack; all vendors all below average. Apple is getting more like Microsoft everyday. First Apple delays the release of an OS upgrade so they can concentrate on a freaking phone, now you release software that is so buggy it should be classified as beta at best.
  Some of the changes/problem I am seeing since the upgrade (in addition to the problems mentioned previously) are:
  layout changes; some of my pages no longer look the same; same of the changes are so bad the pages are unreadable
  broken photo pages; some of my photo pages no longer work; some of them have no text or pictures
  file/page name changes; why would Apple change the location of the files; now my domains are not pointing right location; special characters (like spaces, ampersands, etc.) are handled differently in this version; specifically, I see that spaces are changed to underscores (_); iWeb used to use '%20' for spaces; what was Apple thinking?
  broken 3rd party themes; I know Apple is not responsible for 3rd party themes, but you should certainly be aware that they exist
  Based on what I am seeing online, most of the people who are complaining about major iWeb issues are not newbies; based on the technical details in the threads, there are clearly some experienced people who are trying to figure things outw. I have lost many hours trying to figure this mess out. I now have to review hundreds of pages to try get things to look and work the way they did before the upgrade. I have had to handle dozens of phone calls and emails from my viewers and subscribers trying to explain the situation.
  I googled 'iweb 08 *****' and got nearly 50,000 hits! I think Apple better get in front of this train before it gets run over.
  On Aug 19, 2007, at 11:09 AM, .Mac Support wrote:
  Dear David,
  I understand that you are experiencing an issue viewing some of your websites published in iWeb:
  I have examined all of the published pages and they appear to load and function as expected. If you published your website to .Mac, you can visit it either of these ways:
  - In iWeb, click the Visit button in the lower-left corner.
  - Enter the following URL into a web browser:
  http://web.mac.com/daviddawley/
  If you have published more than one website, the URL above will take you to the default website, which is the first website listed in iWeb. To visit another website you have created in iWeb, use the following URL format:
  http://web.mac.com/daviddawley/iWeb/YourSiteName
  Using this form, the web addresses for the two sites you mentioned would be:
  http://web.mac.com/daviddawley/iWeb/FuzzyLlamaJuniorOptimist.com
  http://web.mac.com/daviddawley/iWeb/pAwesomeProductions.com
  To change the default website, simply open iWeb, and in the Site Organizer, drag the desired default website to the top and republish to .Mac.
  NOTE: Be sure to give each website a unique name. This will help prevent one website from overwriting another. For further information, refer to the following article:
  iWeb: Do not use similar names for your sites
  http://www.info.apple.com/kbnum/n303042
  If you still experience issues with the website, try the following troubleshooting steps:
  WAIT SEVERAL MINUTES
  If your website has movies, you may need to wait several minutes after going to the website before the movies are ready to play. The QuickTime Player icon indicates that a movie is still loading.
  CLEAR YOUR BROWSER CACHE
  If you use Safari, you can clear your browser cache by choosing Empty Cache from the Safari menu. If you use another browser, consult that browser’s documentation if you need assistance in clearing your browser cache.
  UPDATE YOUR BROWSER
  Make sure you are using the latest available version of your web browser when viewing pages published in iWeb. If you use Safari, you can check for updates by choosing Software Update from the Apple menu. If there are any available Safari, Security, or Mac OS X updates, install those updates and try looking at your website again.
  If you use another browser, consult that browser’s documentation if you need assistance in updating the browser.
  TRY ANOTHER BROWSER
  If you use a Mac, try viewing your website with Safari or Firefox. If you use Windows, try Internet Explorer 6 or Firefox. Firefox is a free download available here: http://getfirefox.com
  TRY ANOTHER NETWORK
  If possible, try viewing your website from another network or Internet connection. If you can successfully view the website from another network, please consult your network administrator or Internet service provider (ISP) to resolve this issue.
  Important: Mention of third-party websites and products is for informational purposes only and constitutes neither an endorsement nor a recommendation. Apple assumes no responsibility with regard to the selection, performance, or use of information or products found at third-party websites. Apple provides this only as a convenience to our users. Apple has not tested the information found on these sites and makes no representations regarding its accuracy or reliability. There are risks inherent in the use of any information or products found on the Internet, and Apple assumes no responsibility in this regard. Please understand that a third-party site is independent from Apple and that Apple has no control over the content on that website.
  Sincerely,
  Mel
  .Mac Support
  http://www.apple.com/support/dotmac
  http://www.mac.com/learningcenter
  Support Subject : iWeb
  Sub Issue : I can't publish to .Mac from iWeb
  Comments : I was interested in forwarding one of several iWeb based sites to one of my domains. I wanted to see what the steps were. I believe I inadvertently started the process for moving the site to www.nfdoi.com site. I have several sub directories under the ~/Library/Application Support/iWeb directory with separate domain.sites files (now domain.sites2).
  I was going through all of my domain.sites files and opening them in iWeb08; then publishing them. Somewhere along the line everything blew up. Most of my iWeb sites no longer function, It appears that every other iweb site other www.nfdoi.com is down EXCEPT the last one I published. I have made a mess of things and would appreciate any help.
  Don't work:
  http://web.mac.com/daviddawley/FuzzyLlamaJuniorOptimist.com
  http://web.mac.com/daviddawley/pAwesomeProductions.com
  Works:
  http://web.mac.com/daviddawley/Optimist_View/OptimistView.com/OptimistView.com.h tml
  ========= PLEASE USE THE SPACE ABOVE TO DESCRIBE THE ISSUE BASED ON THE QUESTIONS BELOW =========
  1. What version of iWeb are you using to publish to .Mac? iLife 08
  2. When did you first notice this issue? After publishing a few sites.
  3. What happens, including any error messages, when you try to publish your site?
  --------------------- Additional Info -------------------------
  Alternate email address : [email protected]
  OS Version : Mac OS X 10.4.10
  Browser Type : Safari 2.x
  Category : I can't publish to .Mac from iWeb
  Connection Type :Other
  TrackID: 4154168

  Just got off the phone with Apple Support.  There procedure was the following:
  1.  Go to the Apple TV, select settings, general and scroll down to reset.
  2.  Select reset and then select reset all
  Apple TV will go through a restart after the reset and you will have to select your network then log in with your network or Airport Express password.  You will then have to turn on home sharing and It will then ask you for your Apple ID for the iTunes store and then the password.  At this point you may not see your library, because the Apple TV wants you to turn on home sharing on your home computer that is hosting the movie library.  Turn off home sharing on that computer, restart iTunes and turn on home sharing again.  After this is done you should be able to see you library listed under the computer.
  After going through these steps, when I select an HD movie from my iTunes library the movie comes up after about a 5 second delay.
  Hope this helps!  I am back up for business.