Keystore to cacert in Java

Hi,
Please help me with this SSL problem. I am trying to run a small web service application over SSL. Tomcat is the web server.
I have created a self signed certificate using the command
"%JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA"
which created a .keystore file for me. I have put that on Tomcat root and my problem is how to put this .keystore into
C:\j2sdk1.4.2_04\jre\lib\security\cacerts file. on the client.
I mean how can you import a .keystore file into a cacert file.
Without the client not having the certificate it gives a 'SSLHandShakeException'
Thanks for your time
Shiran

If you can run keytool on the client machine with the necessary privilege, than run keytool -import with -keystore argument set to the path to cacerts file,
e.g. keytool -import -keystore c:\jre5\lib\security\cacerts -storetype jks -file mySelfSignedCert.cer ,,,

Similar Messages

Keystores without cacert imported

I'm having a little problem.
I have a client and a server program, in the server program truststore I have the certificate of the client program, and in the server program keystore, I have the servers certificate and the server private key.
On the client side, I have the clients certificate and privatekey in the keystore, and the server certificate in the client truststore.
With this, both the client and the server should trust eachother, but they don't.
I get an "javax.net.ssl.SSLHandshakeException: null cert chain" exception when they try to authenticate.
I can get it working if I add the cacert to the truststore of both of them, but that gives me a problem, since the server then trust every client that has a certificate that has been signed by the cacert, which I don't want.
Any ideas of what might be wrong?

You could add the cacert and check for the specific client in a HandshakeCompletedListener.

Keystore & cacerts

Hi all,
I have to connect to a server which return a xml response. To connect it I need a client certificate (digitalId from verisign).
Well I hace the certificate installed in Internet Explorer and I can access to the server.
However, I want to connect from a servlet, and I don�t know haw to do it, I think I have to se a httpsUrlConnection and send my cert but...
Where I have to store my cert, in keystore, in cacerts??
Anyone could help me??
Thanks in advance

Problem:
After issuing the CSR and getting the cert back in mail, people might get the javax.net.ssl.SSLHandshakeException: Couldn't find trusted certificate exception:
Solution:
Follow the following steps and hopefully things will work out for you.
1. you will need to import the cert at two locations. Why? I have no clue but it worked for me man.
C:\j2sdk1.4.0\jre\lib\security>keytool -import -alias root -trustcacerts -file webldap1.b64 -keystore cacerts
and also
C:\Program Files\Java\j2re1.4.0_01\lib\security>keytool -import -alias root -trustcacerts -file webldap1.b64 -keystore cacerts
if you already have the alias root in use, just delete and import these guys at both places.
2. test to make sure JSSE is installed on your machine correctly using the following code:
import java.security.*;
public class JSSETest {
public static void main(String[] args) {
try {
Class.forName("com.sun.net.ssl.internal.ssl.Provider");
}catch(Exception e) {
System.out.println("JSSE is NOT installed correctly!");
System.exit(1);
System.out.println("JSSE is installed correctly!");
if things look good, you should then run your program using the following command and see where your program is looking for the keystore and truststore.
Java �Djavax.net.debug=ssl nameOfYourProgram > C:\mydebugoutput.txt
This will create a text file called mydebugoutput.txt in your C: drive. Open the file and go to the start and look for the following information:
keyStore is :
keyStore type is : jks
init keystore
init keymanager of type SunX509
trustStore is: C:\Program Files\Java\j2re1.4.0_01\lib\security\cacerts
trustStore type is : jks
init truststore
Verify the information and you should be good to go. If you are getting any exception, just verify the information and make appropriate changes.
Note. CSRs are machine DEPENDENT and the certificate will not work on other machine.
Good luck

Keytool error: java.lang.Exception: Public keys in reply and keystore don't match - Web Logic 10.3.6.0 Linux 64 Bit

Hi,
Followed Oracle recommended note for generating .csr file (Doc ID 1230333.1)
01) $keytool -genkey -alias server.alias -keyalg RSA -keysize 1024 -dname "CN=ServerName,OU=Office,O=OTS,L=Location,S=SW,C=GB" -keypass mypass -keystore ServerName.jks -storepass mypass
02) copy ServerName.jks ServerName.jks.org
03) $keytool -list -v -keystore ServerName.jks -storepass mypass
04) $keytool -certreq -v -alias server.alias -file ServerName.csr -keypass mypass -storepass mypass -keystore ServerName.jks
05) Sent the .csr file to CA
06) ived a filename.cer certificate.
07) rated Root ServerNameRootCert.cer and Intermediate Certificate ServerNameRootInterCert.cer from filename.cer certificate
Importing Root CA into the keystore ServerName.jks
08) $keytool -import -v file ServerNameRootCert.cer -keystore ServerName.jks -trustcacerts -alias AliasOne
09) $keytool -import -v file ServerNameRootInterCert.cer -keystore ServerName.jks -trustcacerts -alias AliasTwo
Now importing the actual certificate using the alias server.alias in the above step 01) and 04)
10) $keytool -import -v file ServerName.cer -keystore ServerName.jks -alias server.alias -keypass -storepass
Getting error message
keytool error: java.lang.Exception: Public keys in reply and keystore don't match
java.lang.Exception: Public keys in reply and keystore don't match
at sun.security.tools.KeyTool.establishCertChain(KeyTool.java:2618)
at sun.security.tools.KeyTool.installReply(KeyTool.java:1870)
at sun.security.tools.KeyTool.doCommands(KeyTool.java:807)
at sun.security.tools.KeyTool.run(KeyTool.java:172)
at sun.security.tools.KeyTool.main(KeyTool.java:167)
Is that anything wrong with the Certificate what is issued by CA?
Is the java version need to be different?
Current Java Version
java version "1.6.0_29"
Java(TM) SE Runtime Environment (build 1.6.0_29-b11)
Oracle JRockit(R) (build R28.2.0-79-146777-1.6.0_29-20111005-1807-linux-x86_64, compiled mode)
Any suggestions please?
Thanks,
Kam

Import the intermediate cert first then the root and then the signed server certificate.
The alias of root and intermediate doesnt matter, but make sure that the alias of server cert is same as the alias of the private key entry.
Have a look at the following example :
https://blogs.oracle.com/blogbypuneeth/entry/steps_to_create_a_csr

Mac updated delete Java trusted cacerts

Everytime (or at least very nearly everytime) I perform the mac os updated the cacerts for Java get deleted. This means that if I have, and I have, added my own set of trust certificates to that file, I then have to add them again.
Why does this happen? Can I stop it happening?
Thanks

This is because the way Java is structured on a Mac. Sun/Oracledoes usually doesn't write software for a Mac. So Keep a list separate that you can copy/paste it every time Java is updated.

Calling a web service through SSL via a stand alone java class

HI,
I am trying to call a web service through SSL via a simple stand alone java client.
I have imported the SSL certificate in my keystore by using the keytool -import command.
Basically I want to add a user to a group on the server. Say I add a user user 1 to group group 1 using an admin userid and password. All these values are set in an xml file which I send to the server while calling the server. I pass the web service URL, the soap action name and the xml to post as the command line arguments to the java client.
My xml file(Add.xml) that is posted looks like :
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope
xmlns:xsi = "http://www.w3.org/1999/XMLSchema-instance"
xmlns:SOAP-ENC = "http://schemas.xmlsoap.org/soap/encoding/"
xmlns:SOAP-ENV = "http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd = "http://www.w3.org/1999/XMLSchema"
SOAP-ENV:encodingStyle = "http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Body>
<namesp1:modifyGroupOperation xmlns:namesp1 = "/services/modifyGroup/modifyGroupOp">
<auth>
<user>adminUser</user>
<password>adminPassword</password>
</auth>
<operationType>ADD</operationType>
<groupName>group1</groupName>
<users>
<userName>user1</userName>
</users>
</namesp1:modifyGroupOperation>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
I call the client as:
java PostXML https://com.webservice.com/services/modifyGroup "/services/modifyGroup/modifyGroupOp" Add.xml
I my client, I have set the following:
System.setProperty("javax.net.ssl.keyStore", "C:\\Program Files\\Java\\jre1.5.0_12\\lib\\security\\cacerts");
System.setProperty("javax.net.ssl.keyStorePassword", "password");
System.setProperty("javax.net.ssl.trustStore", "C:\\Program Files\\Java\\jre1.5.0_12\\lib\\security\\cacerts");
System.setProperty("javax.net.ssl.trustStorePassword", "password");
But when I try to execute the java client, I get the following error:
setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is : C:\Program Files\Java\jre1.5.0_12\lib\security\cacerts
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: C:\Program Files\Java\jre1.5.0_12\lib\security\cacerts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
main, setSoTimeout(0) called
main, setSoTimeout(0) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: .....
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 73
main, WRITE: TLSv1 Handshake, length = 73
[write] MD5 and SHA1 hashes: len = 98
main, WRITE: SSLv2 client hello message, length = 98
[Raw write]: length = 100
[Raw read]: length = 5
[Raw read]: length = 58
main, READ: TLSv1 Handshake, length = 58
*** ServerHello, TLSv1
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 58
[Raw read]: length = 5
[Raw read]: length = 5530
main, READ: TLSv1 Handshake, length = 5530
*** Certificate chain
chain [0] = ...
chain [1] = ...
chain [2] = ...
chain [3] = ...
main, SEND TLSv1 ALERT: fatal, description = certificate_unknown
main, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 2E .......
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
main, called close()
main, called closeInternal(true)
Exception in thread "main" javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.c
ertpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.flush(Unknown Source)
at org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:506)
at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2110)
at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1088)
at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323)
at PostXML.main(PostXML.java:111)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find v
alid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
... 18 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 23 more
I do not know where I have gone wrong. Could someone point out my mistake.
Thanks In advance!

Hi jazz123,
There's an example in the [*Java Web Services Tutorial*|http://java.sun.com/webservices/docs/2.0/tutorial/doc/] : see Chapter 1: Building Web Services with JAX-WS - A Simple JAX-WS Client.

Openldap, jndi, ssl openssl keystore problem

I am trying to get a connection between openldap and a java application using jndi. The connection needs to be secure so I want to use ssl. I only want the server to have to have a certificate.
I am having troubles creating the right certificates (self-signed) .
When I create a certificate that works with openldap (see this howto: http://www.openldap.org/pub/ksoper/OpenLDAP_TLS_howto.html#4.2 )
I can only import the cacert.pem into my java keystore, the other to files i can not import. Even when I have converted the servercrt.pem to servercrt.der.
When I use this openldap works and I can connect to it use ldapbrowser (also written in Java)
If I only import the cacert.pem java gives the error:
"AWT-EventQueue-0, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found"
when trying to connect.
Otherwise if I create a certificate with the java keystore I can't get openldap to work with it.
I used this howto to do that: http://www.churchillobjects.com/c/11201g.html.
So my question is. Does somebody know how to create a certificate that I can use with openldap and also be able to import into the java keystore?

Hello, I had a similar problem: when I tried to connect, a javax.net.ssl.SSLHandshakeException arose. To solve the problem I:
1) Import into my JNDI keystore the certifictate of the CA that had signed my openLDAP certificate (I did not import the server's certificate).
2) Nothing else. I think the problem was in the certificates and not in the java code...
This is what I wrote:
String dirServidor = request.getParameter("dirserver");
String clave = request.getParameter("clave");
String uid = request.getParameter("uid");
System.setProperty("javax.net.debug","all");
System.setProperty("javax.net.ssl.trustStore", YOUR_KEYSTORE?S_PATH);
System.setProperty("javax.net.ssl.trustStorePassword", YOUR_KEYSTORE?S_PASSWORD);
Hashtable props = new Hashtable();
props.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
props.put(Context.PROVIDER_URL, dirServidor);
props.put(Context.SECURITY_PROTOCOL, "ssl");
props.put(Context.SECURITY_AUTHENTICATION, "simple");
props.put(Context.SECURITY_PRINCIPAL, uid);
props.put(Context.SECURITY_CREDENTIALS, clave);
DirContext ctx = null;
try{
ctx = new InitialDirContext(props);
catch(NamingException e){......}
Bye

Java.lang.SecurityException: Unsupported keysize or algorithm parameters

Hi I need urgent help, I am getting below exception while loading trusted certificates from the jks keystore files DemoTrust.jks and cacerts using wls server.
java.lang.SecurityException: Unsupported keysize or algorithm parameters
     at javax.crypto.Cipher.init(DashoA12275)
     at com.certicom.tls.provider.Cipher.init(Unknown Source)
     at com.certicom.tls.ciphersuite.SecurityParameters.createWriteCipher(Unknown Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.changeCipherSpec(Unknown Source)
     at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.handle(Unknown Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
     at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
     at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
     at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
     at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
     at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
     at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
     at com.certicom.tls.record.WriteHandler.write(Unknown Source)
     at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
     at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
     at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
     at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
     at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:122)
     at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:322)
     at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:29)
     at weblogic.net.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:594)
     at java.net.HttpURLConnection.getHeaderFieldDate(HttpURLConnection.java:343)
     at java.net.URLConnection.getLastModified(URLConnection.java:429)
     at com.cramer.core.framework.serviceimpl.ImageServiceImpl.getURLImage(ImageServiceImpl.java:269)
     at com.cramer.core.framework.serviceimpl.ImageServiceImpl.getImages(ImageServiceImpl.java:224)
     at com.cramer.core.framework.serviceimpl.ImageServiceImpl.getGraphicsCacheData(ImageServiceImpl.java:634)
     at sun.reflect.GeneratedMethodAccessor1067.invoke(Unknown Source)
     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
     at java.lang.reflect.Method.invoke(Method.java:324)
     at org.apache.axis.providers.java.RPCProvider.invokeMethod(RPCProvider.java:397)
     at org.apache.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:186)
     at org.apache.axis.providers.java.JavaProvider.invoke(JavaProvider.java:323)
     at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
     at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
     at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
     at org.apache.axis.handlers.soap.SOAPService.invoke(SOAPService.java:453)
     at org.apache.axis.server.AxisServer.invoke(AxisServer.java:281)
     at org.apache.axis.transport.http.AxisServlet.doPost(AxisServlet.java:699)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
     at org.apache.axis.transport.http.AxisServletBase.service(AxisServletBase.java:327)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1072)
     at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:465)
     at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:28)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
     at com.cramer.core.sso.ApplicationFilter.doFilter(Unknown Source)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
     at com.cramer.core.framework.serviceimpl.ClientAddressFilter.doFilter(ClientAddressFilter.java:62)
     at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
     at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6987)
     at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
     at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
     at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3892)
     at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2766)
     at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
     at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)
Pls help , Thanks is Advance !!!

HI
I tried with replacing the jar with unlimited strength stuff but it didn't work for me , i got "class not found" Exception after that.
but one point i bring in to notice that i come accross this Error when try to loading trusted certificates
<Mar 6, 2012 3:26:22 PM EST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /appl/bea/wls81sp5/weblogic81/server/lib/DemoTrust.jks.>
<Mar 6, 2012 3:26:22 PM EST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /appl/j2sdk1.4.2_17/jre/lib/security/cacerts.>
java.lang.SecurityException: Unsupported keysize or algorithm parameters
     at javax.crypto.Cipher.init(DashoA12275)
     at com.certicom.tls.provider.Cipher.init(Unknown Source)
     at com.certicom.tls.ciphersuite.SecurityParameters.createWriteCipher(Unknown Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.changeCipherSpec(Unknown Source)
     at com.certicom.tls.record.handshake.ClientStateReceivedCertificate.handle(Unknown Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
     at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
     at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
     at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
     at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
     at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
     at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
     at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
     at com.certicom.tls.record.WriteHandler.write(Unknown Source)
     at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
     at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:66)
     at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
     at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
     at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:122)
     at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:322)
     at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:29)
     at weblogic.net.http.HttpURLConnection.getHeaderField(HttpURLConnection.java:594)
     at java.net.HttpURLConnection.getHeaderFieldDate(HttpURLConnection.java:343)
     at java.net.URLConnection.getLastModified(URLConnection.java:429)

Default SSL context init failed: Invalid keystore format

Hi, I can't connect to my ldap server. The problem is ssl. I'm trying to do this:
import java.io.IOException;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.LdapContext;
public class TestAuthentifikation {
    public static void main (String [] args) throws IOException {
           try {
                Hashtable env = new Hashtable();
                env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                env.put(Context.PROVIDER_URL, "ldaps://subdomain.dyndns.org:636/");
                env.put(Context.SECURITY_PRINCIPAL, "uid=user,ou=users,dc=subdomain,dc=dyndns,dc=org");
                env.put(Context.SECURITY_CREDENTIALS, "passwd");
                env.put(Context.SECURITY_AUTHENTICATION, "simple");
                env.put(Context.SECURITY_PROTOCOL, "ssl");
                java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
                System.setProperty("javax.net.ssl.keyStore", "/usr/lib/j2se/1.4/jre/lib/security/cacerts");
                System.setProperty("javax.net.ssl.trustStore","/usr/lib/j2se/1.4/jre/lib/security/cacerts");
                env.put(LdapContext.CONTROL_FACTORIES, "com.sun.jndi.ldap.ControlFactory");
                DirContext ctx = new InitialDirContext(env);
                //use ctx....
                // Close the context when we're done
                ctx.close();
              catch(NamingException ne) {
                System.err.println(ne);
                ne.printStackTrace();
}The exception is this:
javax.naming.CommunicationException: subdomain.dyndns.org:636 [Root exception is java.net.SocketException: Default SSL context init failed: Invalid keystore format]
        at com.sun.jndi.ldap.Connection.<init>(Connection.java:194)
        at com.sun.jndi.ldap.LdapClient.<init>(LdapClient.java:119)
        at com.sun.jndi.ldap.LdapClient.getInstance(LdapClient.java:1668)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2599)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)On the server I have created this ldap_crt.pem file:
openssl req -x509 -days 3650 -newkey rsa:2048 -nodes -keyout ldap_key.pem -keyform PEM -out ldap_crt.pem -outform PEMwhich sits on the clients /etc/ssl/certs directory. Like this I can connect with a ldap browser to the server.
I should do something like this:
keytool -import -alias AUTH_CA -file rootcert.crt -keystore /usr/lib/j2se/1.4/jre/lib/security/cacertsHow do I get this rootcert.crt file?
I did this and changed the keystore from cacerts to mycacerts in the java class file:
sudo keytool -import -alias AUTH_CA -file /etc/ssl/certs/ldap_crt.pem -keystore /usr/lib/j2se/1.4/jre/lib/security/mycacertsThen I get this:
javax.naming.CommunicationException: simple bind failed: subdomain.dyndns.org:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: *No trusted certificate found*]
        at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:198)
        at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2640)
        at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:290)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:175)
        at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:193)
        at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:136)
Edited by: borobudur on May 18, 2008 7:09 AM

Just a permission problem! Take care that your process can write on the keystore/truststore.

SSL and keystore password

I am creating a server and using JSSE. All the examples I see pass the Keystore and Keystore password as a java enviromnent variable when starting the server. Does this seem a little unsecure to pass the password on the command line? Is there any other way to pass the keystore password?

I am creating a server and using JSSE. All the
examples I see pass the Keystore and Keystore password
as a java enviromnent variable when starting the
server. Does this seem a little unsecure to pass the
password on the command line? Is there any other way
to pass the keystore password?Think hard on this one - what "more secure way" are you going to use? Sooner or later, somebody who knows has to give the code a password to use.
Most of the systems I've seen haven't even required it on the command line - it's been written down in a script or .properties file, so the app can start/restart without human intervention. The files containing the passwords are protected by whatever the host OS uses to keep files private (e.g., owned by root, owner-read-only perms on Unix).
No matter how much encryption you put in place, at the bottom of the chain there's a plain-text password entered SOMEwhere...
Grant

Help : How to import .pfx file to keystore

Hi,
I need to generate digital signature for some data string. I got the pfx file with password blank.
it shows the following detailsusing keytool.
keytool -list -keystore rating/ebs/scripts/MPay_certificate_11072003.p12 -storetype pkcs12
unknown attr1.3.6.1.4.1.311.17.1
Enter keystore password:
unknown attr1.3.6.1.4.1.311.17.1
***************** WARNING WARNING WARNING *****************
* The integrity of the information stored in your keystore *
* has NOT been verified! In order to verify its integrity, *
* you must provide your keystore password. *
***************** WARNING WARNING WARNING *****************
Keystore type: pkcs12
Keystore provider: SunJSSE
Your keystore contains 1 entry
c1e673ff559b00e86a399a1b21e4aed2_6ee3fa08-8ba8-4ff1-a8fd-01031842a3a3, Aug 18, 2003, keyEntry,
How can I generate the keystore file and know the private key alias so that i can generate the sign using sign().
thanks in advance.
Ranjan

It is possible to import a .p12 file into a keystore with a small Java program...
I found a sample to do this about a year ago, the source page is no longer valid. I have made some slight modifications to the original program, but left credit to the original author in the top (to the best of my knowledge).
Sample execution being:
$ java KeyStoreMove PKCS12 ~/igo.p12 p12-pas JKS ~/.keystore key-pas
Source alias: lester igo id #2
Rename alias to [<return> to keep original alias]: my-cert
New alias: my-cert
importing key lester igo id #2
keystore copy successful
* This code has been downloaded from the internet and contained no license.
* The Source for this was: http://home.istar.ca/~neutron/Thawte/KeystoreMove.txt
* The Page referencing it was: http://home.istar.ca/~neutron/Thawte/index.html
* The author appears to be:
* Michel I. Gallant
* [email protected]
import java.io.*;
import java.security.*;
import java.util.*;
public class KeyStoreMove {
public static void main(String args[]) throws Throwable {
java.security.Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
if (args.length<6) {
System.out.println(
"\nKeyStoreMove Usage: \njava KeyStoreMove <source> <destination> where\n" +
" <source> and <destination> are " +
"<storetype> <keystore> <password>\n");
System.out.println(" - Requires jsse for PKCS12 keystore support \n" +
" - source storetype can be JKS or PKCS12\n" +
" - destination storetype must be JKS type (PKCS12 write not supported)\n") ;
System.exit(0);
FileInputStream in;
// -------- Load source keystore to memory ---------
in = new FileInputStream(args[1]);
KeyStore ksin = KeyStore.getInstance(args[0]);
char[] pwin = args[2].toCharArray();
if (pwin.length==0) { pwin = null; }
ksin.load(in,pwin);
in.close();
// -------- Load destination keystore initial contents to memory ---------
in = new FileInputStream(args[4]);
KeyStore ksout = KeyStore.getInstance(args[3]);
char[] pwout = args[5].toCharArray();
if (pwout.length==0) { pwout = null; }
ksout.load(in,pwout);
in.close();
//--------- Main Loop to get keys/certs from source keystore ------------
BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in));
Enumeration en = ksin.aliases();
while (en.hasMoreElements()) {
String alias = (String) en.nextElement();
if (ksout.containsAlias(alias)) {
System.out.println(args[4] + " already contains " + alias + " Key will not be copied.");
continue;
// ------- Ask user if alias of source key/cert should be renamed -----------
System.out.println("Source alias: " + alias);
System.out.print("Rename alias to [<return> to keep original alias]: ") ;
String newuseralias = stdin.readLine().trim() ;
if (newuseralias.equals("")){
newuseralias=alias;
System.out.println("Original alias used") ;
else {
System.out.println("New alias: " + newuseralias) ;
if (ksin.isCertificateEntry(alias)) {
System.out.println("importing certificate " + alias);
ksout.setCertificateEntry(newuseralias, ksin.getCertificate(alias));
if (ksin.isKeyEntry(alias)) {
System.out.println("importing key " + alias);
ksout.setKeyEntry(newuseralias, ksin.getKey(alias,pwin), pwout,ksin.getCertificateChain(alias));
//--------- End main loop ----------------------
//--------- Overwrite the destination keystore with new keys/certs --------------
FileOutputStream out = new FileOutputStream(args[4]);
ksout.store(out,pwout);
out.close();
System.out.println("keystore copy successful\n") ;
System.exit(0);

JPS-06514: Opening of file based keystore failed.

I have a fresh install of JDeveloper 11.1.2.3.0 (Build JDEVADF_11.1.2.3.0_GENERIC_120914.0223.6276.1). When I try to start the integrated WebLogic Server from the Application Servers explorer tab, it fails and crashes with "JPS-06514: Opening of file based keystore failed." The entire output console content is pasted below for your reference. I am under time pressure, so the sooner somebody can help, the better. Thanks in advance!
*** Using HTTP port 7101 ***
*** Using SSL port 7102 ***
C:\Users\userP\AppData\Roaming\JDeveloper\system11.1.2.3.39.62.76.1\DefaultDomain\bin\startWebLogic.cmd
[waiting for the server to complete its initialization...]
JAVA Memory arguments: -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=512m
WLS Start Mode=Development
CLASSPATH=C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.jdbc_11.1.1\ojdbc6dms.jar;C:\Oracle\MIDDLE~1\patch_wls1211\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\Oracle\MIDDLE~1\patch_oepe101\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\Oracle\MIDDLE~1\patch_ocp371\profiles\default\sys_manifest_classpath\weblogic_patch.jar;C:\Oracle\MIDDLE~1\JDK160~3\lib\tools.jar;C:\Oracle\MIDDLE~1\WLSERV~1.1\server\lib\weblogic_sp.jar;C:\Oracle\MIDDLE~1\WLSERV~1.1\server\lib\weblogic.jar;C:\Oracle\MIDDLE~1\modules\features\weblogic.server.modules_12.1.1.0.jar;C:\Oracle\MIDDLE~1\WLSERV~1.1\server\lib\webservices.jar;C:\Oracle\MIDDLE~1\modules\ORGAPA~1.1/lib/ant-all.jar;C:\Oracle\MIDDLE~1\modules\NETSFA~1.0_1/lib/ant-contrib.jar;C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.jrf_11.1.1\jrf.jar;C:\Oracle\MIDDLE~1\WLSERV~1.1\common\derby\lib\derbyclient.jar;C:\Oracle\MIDDLE~1\WLSERV~1.1\server\lib\xqrl.jar;.;c:\oracle\middleware\wlserver_10.3\server\lib;M:\dommgr\DomainManager\classes;M:\3rdparty\wls_10.3\weblogic.jar;M:\3rdparty\wls_10.3\wlfullclient.jar;M:\3rdparty\wls_10.3\wljmxclient.jar;M:\3rdparty\wls_10.3\wlclient.jar;
PATH=C:\Oracle\MIDDLE~1\patch_wls1211\profiles\default\native;C:\Oracle\MIDDLE~1\patch_oepe101\profiles\default\native;C:\Oracle\MIDDLE~1\patch_ocp371\profiles\default\native;C:\Oracle\MIDDLE~1\WLSERV~1.1\server\native\win\32;C:\Oracle\MIDDLE~1\WLSERV~1.1\server\bin;C:\Oracle\MIDDLE~1\modules\ORGAPA~1.1\bin;C:\Oracle\MIDDLE~1\JDK160~3\jre\bin;C:\Oracle\MIDDLE~1\JDK160~3\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\Program Files\IBM\RationalSDLC\ClearCase\bin;C:\Program Files\IBM\RationalSDLC\common;M:\etc;C:\Oracle\MIDDLE~1\WLSERV~1.1\server\native\win\32\oci920_8
* To start WebLogic Server, use a username and *
* password assigned to an admin-level user. For *
* server administration, use the WebLogic Server *
* console at http:\\hostname:port\console *
starting weblogic with Java version:
java version "1.6.0_29"
Java(TM) SE Runtime Environment (build 1.6.0_29-b11)
Java HotSpot(TM) Client VM (build 20.4-b02, mixed mode)
Starting WLS with line:
C:\Oracle\MIDDLE~1\JDK160~3\bin\java -client -Xms256m -Xmx512m -XX:CompileThreshold=8000 -XX:PermSize=128m -XX:MaxPermSize=512m -Dweblogic.Name=DefaultServer -Djava.security.policy=C:\Oracle\MIDDLE~1\WLSERV~1.1\server\lib\weblogic.policy -Djavax.net.ssl.trustStore=C:\Users\FCOCA~1.COR\AppData\Local\Temp\trustStore7654511046496503013.jks -Ddmsc_config_file=M:\etc\dommgr.properties -Doracle.jdeveloper.adrs=true -Dweblogic.nodemanager.ServiceEnabled=true -Xverify:none -Djava.endorsed.dirs=C:\Oracle\MIDDLE~1\JDK160~3/jre/lib/endorsed;C:\Oracle\MIDDLE~1\WLSERV~1.1/endorsed -da -Dplatform.home=C:\Oracle\MIDDLE~1\WLSERV~1.1 -Dwls.home=C:\Oracle\MIDDLE~1\WLSERV~1.1\server -Dweblogic.home=C:\Oracle\MIDDLE~1\WLSERV~1.1\server -Djps.app.credential.overwrite.allowed=true -Dcommon.components.home=C:\Oracle\MIDDLE~1\ORACLE~1 -Djrf.version=11.1.1 -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Jdk14Logger -Ddomain.home=C:\Users\FCOCA~1.COR\AppData\Roaming\JDEVEL~1\SYSTEM~1.1\DEFAUL~1 -Djrockit.optfile=C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.jrf_11.1.1\jrocket_optfile.txt -Doracle.server.config.dir=C:\Users\FCOCA~1.COR\AppData\Roaming\JDEVEL~1\SYSTEM~1.1\DEFAUL~1\config\FMWCON~1\servers\DefaultServer -Doracle.domain.config.dir=C:\Users\FCOCA~1.COR\AppData\Roaming\JDEVEL~1\SYSTEM~1.1\DEFAUL~1\config\FMWCON~1 -Digf.arisidbeans.carmlloc=C:\Users\FCOCA~1.COR\AppData\Roaming\JDEVEL~1\SYSTEM~1.1\DEFAUL~1\config\FMWCON~1\carml -Digf.arisidstack.home=C:\Users\FCOCA~1.COR\AppData\Roaming\JDEVEL~1\SYSTEM~1.1\DEFAUL~1\config\FMWCON~1\arisidprovider -Doracle.security.jps.config=C:\Users\FCOCA~1.COR\AppData\Roaming\JDEVEL~1\SYSTEM~1.1\DEFAUL~1\config\fmwconfig\jps-config.xml -Doracle.deployed.app.dir=C:\Users\FCOCA~1.COR\AppData\Roaming\JDEVEL~1\SYSTEM~1.1\DEFAUL~1\servers\DefaultServer\tmp\_WL_user -Doracle.deployed.app.ext=\- -Dweblogic.alternateTypesDirectory=C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.ossoiap_11.1.1,C:\Oracle\MIDDLE~1\ORACLE~1\modules\oracle.oamprovider_11.1.1 -Djava.protocol.handler.pkgs=oracle.mds.net.protocol -Dweblogic.jdbc.remoteEnabled=false -Dwsm.repository.path=C:\Users\FCOCA~1.COR\AppData\Roaming\JDEVEL~1\SYSTEM~1.1\DEFAUL~1\oracle\store\gmds -Dweblogic.management.discover=true -Dwlw.iterativeDev= -Dwlw.testConsole= -Dwlw.logErrorsToConsole= -Dweblogic.ext.dirs=C:\Oracle\MIDDLE~1\patch_wls1211\profiles\default\sysext_manifest_classpath;C:\Oracle\MIDDLE~1\patch_oepe101\profiles\default\sysext_manifest_classpath;C:\Oracle\MIDDLE~1\patch_ocp371\profiles\default\sysext_manifest_classpath weblogic.Server
<19-Dec-2012 2:37:23 o'clock PM EST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
<19-Dec-2012 2:37:23 o'clock PM EST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
<19-Dec-2012 2:37:24 o'clock PM EST> <Info> <WebLogicServer> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) Client VM Version 20.4-b02 from Sun Microsystems Inc..>
<19-Dec-2012 2:37:24 o'clock PM EST> <Info> <Management> <BEA-141107> <Version: WebLogic Server Temporary Patch for 13340309 Thu Feb 16 18:30:21 IST 2012
WebLogic Server Temporary Patch for 13019800 Mon Jan 16 16:53:54 IST 2012
WebLogic Server Temporary Patch for BUG13391585 Thu Feb 02 10:18:36 IST 2012
WebLogic Server Temporary Patch for 13516712 Mon Jan 30 15:09:33 IST 2012
WebLogic Server Temporary Patch for BUG13641115 Tue Jan 31 11:19:13 IST 2012
WebLogic Server Temporary Patch for BUG13603813 Wed Feb 15 19:34:13 IST 2012
WebLogic Server Temporary Patch for 13424251 Mon Jan 30 14:32:34 IST 2012
WebLogic Server Temporary Patch for 13361720 Mon Jan 30 15:24:05 IST 2012
WebLogic Server Temporary Patch for BUG13421471 Wed Feb 01 11:24:18 IST 2012
WebLogic Server Temporary Patch for BUG13657792 Thu Feb 23 12:57:33 IST 2012
WebLogic Server 12.1.1.0 Wed Dec 7 08:40:57 PST 2011 1445491
WebLogic Server 10.3.2.0 Tue Oct 20 12:16:15 PDT 2009 1267925
WebLogic Server 10.3 Tue Nov 15 08:52:36 PST 2011 1441050
WebLogic Server 10.3 Tue Nov 15 08:52:36 PST 2011 1441050 >
<19-Dec-2012 2:37:25 o'clock PM EST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to STARTING.>
<19-Dec-2012 2:37:25 o'clock PM EST> <Info> <WorkManager> <BEA-002900> <Initializing self-tuning thread pool.>
<19-Dec-2012 2:37:25 o'clock PM EST> <Notice> <LoggingService> <BEA-320400> <The log file C:\Users\userP\AppData\Roaming\JDeveloper\system11.1.2.3.39.62.76.1\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log will be rotated. Reopen the log file if tailing has stopped. This can happen on some platforms, such as Windows.>
<19-Dec-2012 2:37:25 o'clock PM EST> <Notice> <LoggingService> <BEA-320401> <The log file has been rotated to C:\Users\userP\AppData\Roaming\JDeveloper\system11.1.2.3.39.62.76.1\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log00003. Log messages will continue to be logged in C:\Users\userP\AppData\Roaming\JDeveloper\system11.1.2.3.39.62.76.1\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log.>
<19-Dec-2012 2:37:25 o'clock PM EST> <Notice> <Log Management> <BEA-170019> <The server log file C:\Users\userP\AppData\Roaming\JDeveloper\system11.1.2.3.39.62.76.1\DefaultDomain\servers\DefaultServer\logs\DefaultServer.log is opened. All server side log events will be written to this file.>
19-Dec-2012 2:37:26 PM oracle.security.jps.internal.keystore.file.FileKeyStoreManager openKeyStore
WARNING: Opening of file based keystore failed.
<19-Dec-2012 2:37:26 o'clock PM EST> <Error> <Security> <BEA-090892> <The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-06514: Opening of file based keystore failed.>
<19-Dec-2012 2:37:26 o'clock PM EST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-06514: Opening of file based keystore failed.
weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: JPS-06514: Opening of file based keystore failed.
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1402)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
     at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
     at weblogic.security.SecurityService.start(SecurityService.java:148)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.JpsRuntimeException: JPS-06514: Opening of file based keystore failed.
     at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:167)
     at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:369)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
     Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.JpsException: JPS-06514: Opening of file based keystore failed.
     at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPDPService(PolicyUtil.java:2855)
     at oracle.security.jps.internal.policystore.PolicyUtil.getPDPService(PolicyUtil.java:3097)
     at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:164)
     at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:369)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     Truncated. see log file for complete stacktrace
Caused By: oracle.security.jps.service.keystore.KeyStoreServiceException: JPS-06514: Opening of file based keystore failed.
     at oracle.security.jps.internal.keystore.file.FileKeyStoreManager.openKeyStore(FileKeyStoreManager.java:374)
     at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.doInit(FileKeyStoreServiceImpl.java:104)
     at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.<init>(FileKeyStoreServiceImpl.java:76)
     at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.<init>(FileKeyStoreServiceImpl.java:66)
     at oracle.security.jps.internal.keystore.KeyStoreProvider.getInstance(KeyStoreProvider.java:157)
     Truncated. see log file for complete stacktrace
>
<19-Dec-2012 2:37:26 o'clock PM EST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED.>
<19-Dec-2012 2:37:26 o'clock PM EST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down.>
<19-Dec-2012 2:37:26 o'clock PM EST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN.>
<19-Dec-2012 2:37:26 o'clock PM EST> <Warning> <Security> <BEA-090922> <Certicom SSL is available, however JSSE is being used for SSL, since JSSE has been selected by attribute SSLMBean.JSSEEnabled, either explicitly or by default.>
Process exited.

I believe you can chmod back to your app user and correct the issue.
-ryan

Bank says Java not Unix compatible

Hey all
St George, a major Australian bank has an internet banking site that uses Java. Unfortunately, it only works with, and supports (Windows NT, 98, ME, 2000, XP) MacOS (9.2, 10.1, 10.2)
In Mozilla-firefox in Linux the applet is grey except for a little red cross in the left top corner.
A small discusson is here http://lists.slug.org.au/archives/slug-chat/2004/02/msg00094.html
How can we encourage St George to embrace Java's cross platform operability?
Their compatibility page is here https://www.stgeorge.com.au/int_bank/get_start/systest/default.asp
I have included St George's response, and a copy of the java console if it interests you.
marty
Dear Marty
Thank you for your email.
I appreciate your input and I am sure that implementations on the banks
behalf are always considered and processed through the opinions and
decisions of our customers.
Our intended purpose has always been to make banking more efficient and
convenient and hopefully that is what we can achieve.
Therefore, I will forward your email to our developers to look further
into your suggested enhancements.
If you have any further enquiries, please do not hesitate to email me
again at [email protected]. Or alternatively, you can contact
St.George Internet Banking on 1300 555 203. A consultant is available
for your assistance 7 days a week, 8:00am - 9:00pm(EST).
With kind regards,
Wendy
Electronic Banking
St. George Bank Ltd
Phone 1300 555 203
Email: [email protected]
Web: www.stgeorge.com.au
Java(TM) Plug-in: Version 1.4.2_04
Using JRE version 1.4.2_04 Java HotSpot(TM) Client VM
User home directory = /home/mbarlow
c: clear console window
f: finalize objects on finalization queue
g: garbage collect
h: display this help message
l: dump classloader list
m: print memory usage
o: trigger logging
p: reload proxy configuration
q: hide console
r: reload policy configuration
s: dump system properties
t: dump thread list
v: dump thread stack
x: clear classloader cache
0-5: set trace level to <n>
Memory: 5,608K Free: 1,446K (25%) ... completed.
Reload policy configuration ... completed.
Dump system properties ...
acl.read = +
acl.read.default =
acl.write = +
acl.write.default =
browser.vendor = Sun Microsystems, Inc.
browser.version = 1.1
deployment.system.cacerts = /usr/java/j2re1.4.2_04/lib/security/cacerts
deployment.system.home = /etc/.java/deployment
deployment.system.jssecacerts =
/usr/java/j2re1.4.2_04/lib/security/cacerts
deployment.system.profile = /etc
deployment.system.security.policy =
file:/etc/.java/deployment/security/java.policy
deployment.user.cachedir = /home/mbarlow/.java/deployment/cache
deployment.user.certs =
/home/mbarlow/.java/deployment/security/deployment.certs
deployment.user.extdir = /home/mbarlow/.java/deployment/ext
deployment.user.home = /home/mbarlow/.java/deployment
deployment.user.jssecerts =
/home/mbarlow/.java/deployment/security/deployment.jssecerts
deployment.user.logdir = /home/mbarlow/.java/deployment/log
deployment.user.profile = /home/mbarlow
deployment.user.security.policy =
file:/home/mbarlow/.java/deployment/security/java.policy
deployment.user.tmpdir = /home/mbarlow/.java/deployment/cache/tmp
file.encoding = UTF-8
file.encoding.pkg = sun.io
file.separator = /
file.separator.applet = true
http.agent = Mozilla/4.0 (Linux 2.6.7)
http.auth.serializeRequests = true
https.protocols = SSLv3,SSLv2Hello
java.awt.graphicsenv = sun.awt.X11GraphicsEnvironment
java.awt.printerjob = sun.print.PSPrinterJob
java.class.path = /usr/java/j2re1.4.2_04/classes
java.class.version = 48.0
java.class.version.applet = true
java.endorsed.dirs = /usr/java/j2re1.4.2_04/lib/endorsed
java.ext.dirs = /usr/java/j2re1.4.2_04/lib/ext
java.home = /usr/java/j2re1.4.2_04
java.io.tmpdir = /tmp
java.library.path =
/usr/java/j2re1.4.2_04/lib/i386/client:/usr/java/j2re1.4.2_04/lib/i386:/usr/lib/mozilla-firefox:/usr/lib/mozilla-firefox/plugins:/usr/lib/mozilla/plugins:/usr/lib
java.protocol.handler.pkgs =
sun.plugin.net.protocol|sun.plugin.net.protocol
java.runtime.name = Java(TM) 2 Runtime Environment, Standard Edition
java.runtime.version = 1.4.2_04-b05
java.specification.name = Java Platform API Specification
java.specification.vendor = Sun Microsystems Inc.
java.specification.version = 1.4
java.util.prefs.PreferencesFactory =
java.util.prefs.FileSystemPreferencesFactory
java.vendor = Sun Microsystems Inc.
java.vendor.applet = true
java.vendor.url = http://java.sun.com/
java.vendor.url.applet = true
java.vendor.url.bug = http://java.sun.com/cgi-bin/bugreport.cgi
java.version = 1.4.2_04
java.version.applet = true
java.vm.info = mixed mode
java.vm.name = Java HotSpot(TM) Client VM
java.vm.specification.name = Java Virtual Machine Specification
java.vm.specification.vendor = Sun Microsystems Inc.
java.vm.specification.version = 1.0
java.vm.vendor = Sun Microsystems Inc.
java.vm.version = 1.4.2_04-b05
javaplugin.lib = /usr/java/j2re1.4.2_04/lib/i386/libjavaplugin_jni.so
javaplugin.nodotversion = 142_04
javaplugin.proxy.config.list =
javaplugin.proxy.config.type = browser
javaplugin.version = 1.4.2_04
javaplugin.vm.options = -DtrustProxy=true -Xverify:remote
-Djava.class.path=/usr/java/j2re1.4.2_04/classes
-Djava.protocol.handler.pkgs=sun.plugin.net.protocol
-Xbootclasspath/a:/usr/java/j2re1.4.2_04/lib/plugin.jar:/usr/java/j2re1.4.2_04/lib/javaplugin_l10n.jar -Djavaplugin.lib=/usr/java/j2re1.4.2_04/lib/i386/libjavaplugin_jni.so -Dmozilla.workaround=true -Djavaplugin.nodotversion=142_04 -Djavaplugin.version=1.4.2_04
line.separator = \n
line.separator.applet = true
mozilla.workaround = true
os.arch = i386
os.arch.applet = true
os.name = Linux
os.name.applet = true
os.version = 2.6.7
os.version.applet = true
package.restrict.access.netscape = false
package.restrict.access.sun = true
package.restrict.definition.java = true
package.restrict.definition.netscape = true
package.restrict.definition.sun = true
path.separator = :
path.separator.applet = true
sun.arch.data.model = 32
sun.boot.class.path =
/usr/java/j2re1.4.2_04/lib/rt.jar:/usr/java/j2re1.4.2_04/lib/i18n.jar:/usr/java/j2re1.4.2_04/lib/sunrsasign.jar:/usr/java/j2re1.4.2_04/lib/jsse.jar:/usr/java/j2re1.4.2_04/lib/jce.jar:/usr/java/j2re1.4.2_04/lib/charsets.jar:/usr/java/j2re1.4.2_04/classes:/usr/java/j2re1.4.2_04/lib/plugin.jar:/usr/java/j2re1.4.2_04/lib/javaplugin_l10n.jar
sun.boot.library.path = /usr/java/j2re1.4.2_04/lib/i386
sun.cpu.endian = little
sun.cpu.isalist =
sun.io.unicode.encoding = UnicodeLittle
sun.java2d.fontpath =
sun.net.client.defaultConnectTimeout = 120000
sun.os.patch.level = unknown
trustProxy = true
user.country = AU
user.dir = /home/mbarlow
user.home = /home/mbarlow
user.language = en
user.name = mbarlow
user.timezone = Europe/London
Done.
Trace level set to 5: basic, net, security, ext, liveconnect ...
completed.
Stopping applet ...
Joining applet thread ...
Destroying applet ...
Disposing applet ...
Quiting applet ...
Joined applet thread ...
setWindow: call before applet exists:41969218
setWindow: call before applet exists:41969218
Finding information ...
Releasing classloader: sun.plugin.ClassLoaderInfo@eca36e, refcount=0
Caching classloader: sun.plugin.ClassLoaderInfo@eca36e
Current classloader cache size: 1
Done ...
Referencing classloader: sun.plugin.ClassLoaderInfo@eca36e, refcount=1
Loading applet ...
Initializing applet ...
Starting applet ...
Connecting https://ibank.stgeorge.com.au/html/stGeorge/gui/BBB.class
with no proxy
Connecting https://ibank.stgeorge.com.au/html/stGeorge/gui/BBB.class
with cookie "bbbHeight=651; bbbWidth=1012; Entity=; bhCookie=1"
Loading Root CA certificates from
/usr/java/j2re1.4.2_04/lib/security/cacerts
Loaded Root CA certificates from
/usr/java/j2re1.4.2_04/lib/security/cacerts
Loading Https Root CA certificates from
/usr/java/j2re1.4.2_04/lib/security/cacerts
Loaded Https Root CA certificates from
/usr/java/j2re1.4.2_04/lib/security/cacerts
Loading JPI Https certificates from
/home/mbarlow/.java/deployment/security/deployment.jssecerts
Loaded JPI Https certificates from
/home/mbarlow/.java/deployment/security/deployment.jssecerts
Loading certificates from JPI session certificate store
Loaded certificates from JPI session certificate store
sun.plugin.cache.DownloadException
at sun.plugin.cache.CachedFileLoader.load(Unknown Source)
at sun.plugin.cache.FileCache.get(Unknown Source)
at
sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.connectWithCache(Unknown Source)
at
sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.connect(Unknown Source)
at
sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
at sun.applet.AppletClassLoader.getBytes(Unknown Source)
at sun.applet.AppletClassLoader.access$100(Unknown Source)
at sun.applet.AppletClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.applet.AppletClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadCode(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Connecting https://ibank.stgeorge.com.au/html/stGeorge/gui/BBB.class
with no proxy
Connecting https://ibank.stgeorge.com.au/html/stGeorge/gui/BBB.class
with cookie "bbbHeight=651; bbbWidth=1012; Entity=; bhCookie=1"
Connecting
https://ibank.stgeorge.com.au/html/stGeorge/gui/BBB/class.class with no
proxy
Connecting
https://ibank.stgeorge.com.au/html/stGeorge/gui/BBB/class.class with
cookie "bbbHeight=651; bbbWidth=1012; Entity=; bhCookie=1"
sun.plugin.cache.DownloadException
at sun.plugin.cache.CachedFileLoader.load(Unknown Source)
at sun.plugin.cache.FileCache.get(Unknown Source)
at
sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.connectWithCache(Unknown Source)
at
sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.connect(Unknown Source)
at
sun.net.www.protocol.https.PluginDelegateHttpsURLConnection.getInputStream(Unknown Source)
at java.net.HttpURLConnection.getResponseCode(Unknown Source)
at
sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(Unknown Source)
at sun.applet.AppletClassLoader.getBytes(Unknown Source)
at sun.applet.AppletClassLoader.access$100(Unknown Source)
at sun.applet.AppletClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at sun.applet.AppletClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadCode(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Connecting
https://ibank.stgeorge.com.au/html/stGeorge/gui/BBB/class.class with no
proxy
Connecting
https://ibank.stgeorge.com.au/html/stGeorge/gui/BBB/class.class with
cookie "bbbHeight=651; bbbWidth=1012; Entity=; bhCookie=1"
load: class stGeorge.gui.BBB.class not found.
java.lang.ClassNotFoundException: stGeorge.gui.BBB.class
at sun.applet.AppletClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.applet.AppletClassLoader.loadCode(Unknown Source)
at sun.applet.AppletPanel.createApplet(Unknown Source)
at sun.plugin.AppletViewer.createApplet(Unknown Source)
at sun.applet.AppletPanel.runLoader(Unknown Source)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.io.IOException: open HTTP connection failed.
at sun.applet.AppletClassLoader.getBytes(Unknown Source)
at sun.applet.AppletClassLoader.access$100(Unknown Source)
at sun.applet.AppletClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
... 10 more
Exception: java.lang.ClassNotFoundException: stGeorge.gui.BBB.class

I also use Mozilla Firefox in Linux and the St. George Bank test fails ! ... I ask the bank to fix this at:
https://www.stgeorge.com.au/contact_us/feedback.asp?orc=home

Help : java.security.UnrecoverableKeyException: excess private key

Hi,
I require help for the exception "java.security.UnrecoverableKeyException: excess private key"
When i am trying to generate digital signature using PKCS7 format using bouncyCastle API, it gives the "java.security.UnrecoverableKeyException: excess private key" exception.
The full stack trace is as follows
------------------------------------------------------------------------java.security.UnrecoverableKeyException: excess private key
     at sun.security.provider.KeyProtector.recover(KeyProtector.java:311)
     at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:120)
     at java.security.KeyStore.getKey(KeyStore.java:289)
     at com.security.Security.generatePKCS7Signature(Security.java:122)
     at com.ibm._jsp._SendSecureDetail._jspService(_SendSecureDetail.java:2282)
     at com.ibm.ws.jsp.runtime.HttpJspBase.service(HttpJspBase.java:93)
I had tested the program under following scenarios...
The Java Program for generating the digital signature independently worked successfully(without any change in policy files or java.security file) I have tested this independently on Sun's JDK 1.4, 1.6
For IBM JDK 1.4 on Windows machine for WAS(Webshere Application Server) 6.0, The Program for generating the digital signature using PKCS7 works fine, but it required IBM Policy files(local_policy.jar, US_export_policy.jar) and updation in java.security file
But the problem occurs in Solaris 5.10, WAS 6.0 where Sun JDK 1.4.2_6 is used.
I copied the unlimited strength policy files for JDK 1.4.2 from Sun's site(because the WAS 6.0 is running on Sun's JDK intead of IBM JDK)...
I changed the java.security file as follows(only changed content)
security.provider.1=sun.security.provider.Sun
security.provider.2=com.ibm.security.jgss.IBMJGSSProvider
security.provider.3=com.ibm.crypto.fips.provider.IBMJCEFIPS
security.provider.4=com.ibm.crypto.provider.IBMJCE
security.provider.5=com.ibm.jsse2.IBMJSSEProvider2
security.provider.6=com.ibm.jsse.IBMJSSEProvider
security.provider.7=com.ibm.security.cert.IBMCertPath
security.provider.8=com.ibm.security.cmskeystore.CMSProvider
I have used PKCS12(PFX) file for digital signature
which is same for all environment(i have described as above)
I copied the PFX file from windows to solaris using WinSCP in binary format so the content of certificate won't get currupted.
I can not change the certificate because it's given by the company and which is working in other enviroments absolutely fine(just i have described above)
I have gone though the "http://forums.sun.com/thread.jspa?threadID=408066" and other URLs too. but none of them helped...
So what could be the problem for such exception?????
I am on this issue since last one month...
I know very little about security.
Thanks in advance
PLEASE HELP ME(URGENT)
Edited by: user10935179 on Sep 27, 2010 2:47 AM
Edited by: user10935179 on Sep 27, 2010 2:54 AM

user10935179 wrote:
The Java Program for generating the digital signature independently worked successfully(without any change in policy files or java.security file) If the program was working fine without changing the java.security policy file, why have you changed it to put the IBM Providers ahead of the SunRsaSign provider?
While I cannot be sure (because I don't have an IBM provider to test this), the error is more than likely related to the fact that the IBM Provider implementations for handling RSA keys internally are different from the SunRsaSign provider. Since you've now forced the IBM provider ahead of the original Sun provider, you're probably running into interpretation issues of the encoded objects inside the keystore.
Change your java.security policy back to the default order, and put your IBM Providers at the end of the original list and run your application to see what happens.
Arshad Noor
StrongAuth, Inc.

The loading of OPSS java security policy provider failed due to exception

Hi,
The issue is execution of startWebLogic.cmd failed,once shutting down the system and restarting it.At first time,after the installation ,it worked and I was able to log in to web logic server.I also created boot.properties file with user name and password for web logic server in user_projects/domains/UCM_domain/server/admin server/security folder.
The operating system is windows xp, with 32 bit,oracle web logic version 11g, and UCM version 11.1.1.4.0.
the error log is:
weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1398)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
     at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
     at weblogic.security.SecurityService.start(SecurityService.java:141)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Caused By: oracle.security.jps.JpsRuntimeException: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
     at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:291)
     at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:282)
     at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:261)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
     at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
     at java.lang.Class.newInstance0(Class.java:355)
     at java.lang.Class.newInstance(Class.java:308)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
     at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
     at weblogic.security.SecurityService.start(SecurityService.java:141)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Caused By: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
     at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:847)
     at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:289)
     at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:282)
     at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:261)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
     at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
     at java.lang.Class.newInstance0(Class.java:355)
     at java.lang.Class.newInstance(Class.java:308)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
     at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
     at weblogic.security.SecurityService.start(SecurityService.java:141)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Caused By: java.security.PrivilegedActionException: oracle.security.jps.JpsException: [PolicyUtil] Unable to obtain default JPS Context!
     at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:792)
     at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:289)
     at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:282)
     at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:261)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
     at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
     at java.lang.Class.newInstance0(Class.java:355)
     at java.lang.Class.newInstance(Class.java:308)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
     at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
     at weblogic.security.SecurityService.start(SecurityService.java:141)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Caused By: oracle.security.jps.JpsException: [PolicyUtil] Unable to obtain default JPS Context!
     at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:808)
     at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:792)
     at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:792)
     at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:289)
     at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:282)
     at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:261)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
     at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
     at java.lang.Class.newInstance0(Class.java:355)
     at java.lang.Class.newInstance(Class.java:308)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
     at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
     at weblogic.security.SecurityService.start(SecurityService.java:141)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Caused By: oracle.security.jps.service.keystore.KeyStoreServiceException: JPS-06514: Opening of file based farm keystore failed.
     at oracle.security.jps.internal.keystore.file.FileKeyStoreManager.openKeyStore(FileKeyStoreManager.java:351)
     at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.doInit(FileKeyStoreServiceImpl.java:101)
     at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.<init>(FileKeyStoreServiceImpl.java:73)
     at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.<init>(FileKeyStoreServiceImpl.java:63)
     at oracle.security.jps.internal.keystore.KeyStoreProvider.getInstance(KeyStoreProvider.java:157)
     at oracle.security.jps.internal.keystore.KeyStoreProvider.getInstance(KeyStoreProvider.java:64)
     at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139)
     at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:170)
     at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:191)
     at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:132)
     at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:127)
     at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:798)
     at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:792)
     at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:792)
     at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:289)
     at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:282)
     at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:261)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
     at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
     at java.lang.Class.newInstance0(Class.java:355)
     at java.lang.Class.newInstance(Class.java:308)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
     at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
     at weblogic.security.SecurityService.start(SecurityService.java:141)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
>
####<Aug 10, 2011 4:18:13 PM IST> <Notice> <WebLogicServer> <saswsaho> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1312973293797> <BEA-000365> <Server state changed to FAILED>
####<Aug 10, 2011 4:18:13 PM IST> <Error> <WebLogicServer> <saswsaho> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1312973293797> <BEA-000383> <A critical service failed. The server will shut itself down>
####<Aug 10, 2011 4:18:13 PM IST> <Notice> <WebLogicServer> <saswsaho> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1312973293812> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
####<Aug 10, 2011 4:18:13 PM IST> <Info> <WebLogicServer> <saswsaho> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1312973293828> <BEA-000236> <Stopping execute threads.>

Thanks René van Wijk for the reply.
I tried the action u replied for my question, but the same error again continued.iam unable to login in admin server.
The main error is **Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider**
**     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1398)**
the message in the error log is
<BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1398)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
     at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
     at weblogic.security.SecurityService.start(SecurityService.java:141)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Caused By: oracle.security.jps.JpsRuntimeException: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
     at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:291)
     at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:282)
     at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:261)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
     at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
     at java.lang.Class.newInstance0(Class.java:355)
     at java.lang.Class.newInstance(Class.java:308)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
     at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
     at weblogic.security.SecurityService.start(SecurityService.java:141)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Caused By: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
     at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:847)
     at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:289)
     at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:282)
     at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:261)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
     at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
     at java.lang.Class.newInstance0(Class.java:355)
     at java.lang.Class.newInstance(Class.java:308)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
     at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
     at weblogic.security.SecurityService.start(SecurityService.java:141)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Caused By: java.security.PrivilegedActionException: oracle.security.jps.JpsException: [PolicyUtil] Unable to obtain default JPS Context!
     at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:792)
     at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:289)
     at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:282)
     at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:261)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
     at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
     at java.lang.Class.newInstance0(Class.java:355)
     at java.lang.Class.newInstance(Class.java:308)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
     at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
     at weblogic.security.SecurityService.start(SecurityService.java:141)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Caused By: oracle.security.jps.JpsException: [PolicyUtil] Unable to obtain default JPS Context!
     at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:808)
     at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:792)
     at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:792)
     at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:289)
     at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:282)
     at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:261)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
     at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
     at java.lang.Class.newInstance0(Class.java:355)
     at java.lang.Class.newInstance(Class.java:308)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
     at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
     at weblogic.security.SecurityService.start(SecurityService.java:141)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
Caused By: oracle.security.jps.service.keystore.KeyStoreServiceException: JPS-06514: Opening of file based farm keystore failed.
     at oracle.security.jps.internal.keystore.file.FileKeyStoreManager.openKeyStore(FileKeyStoreManager.java:351)
     at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.doInit(FileKeyStoreServiceImpl.java:101)
     at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.<init>(FileKeyStoreServiceImpl.java:73)
     at oracle.security.jps.internal.keystore.file.FileKeyStoreServiceImpl.<init>(FileKeyStoreServiceImpl.java:63)
     at oracle.security.jps.internal.keystore.KeyStoreProvider.getInstance(KeyStoreProvider.java:157)
     at oracle.security.jps.internal.keystore.KeyStoreProvider.getInstance(KeyStoreProvider.java:64)
     at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139)
     at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:170)
     at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:191)
     at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:132)
     at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:127)
     at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:798)
     at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:792)
     at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:792)
     at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:289)
     at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:282)
     at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:261)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
     at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
     at java.lang.Class.newInstance0(Class.java:355)
     at java.lang.Class.newInstance(Class.java:308)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
     at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
     at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
     at weblogic.security.SecurityService.start(SecurityService.java:141)
     at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
     at weblogic.work.ExecuteThread.execute(ExecuteThread.java:207)
     at weblogic.work.ExecuteThread.run(ExecuteThread.java:176)
>
####<Aug 11, 2011 11:09:57 AM IST> <Notice> <WebLogicServer> <saswsaho> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1313041197187> <BEA-000365> <Server state changed to FAILED>
####<Aug 11, 2011 11:09:57 AM IST> <Error> <WebLogicServer> <saswsaho> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1313041197187> <BEA-000383> <A critical service failed. The server will shut itself down>
####<Aug 11, 2011 11:09:57 AM IST> <Notice> <WebLogicServer> <saswsaho> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1313041197187> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
####<Aug 11, 2011 11:09:57 AM IST> <Info> <WebLogicServer> <saswsaho> <AdminServer> <Main Thread> <<WLS Kernel>> <> <> <1313041197218> <BEA-000236> <Stopping execute threads.>

Keystore to cacert in Java

Similar Messages

Maybe you are looking for