Keytool error: sun.security.x509.X500Name

Similar Messages

• NoClassDefFoundError: sun/security/x509/CertificateSerialNumber

  Hi!
  I have the following installed -
  JDK5, Tomcat for JWSDP and JWSDP.
  Now as per the docs for "Integrating the Java WSDP Component Technologies with the Tomcat 5.0 for Java WSDP Container" I execute the bat file "jwsdpontomcat.bat <tomcat5 installation dir>" but I am getting the following error -
  NoClassDefFoundError: sun/security/x509/CertificateSerialNumber
  I have the JAVA_HOME, CATALINA_HOME and JWSDP_HOME properly set but still I get this error. The class "CertificateSerialNumber" is in
  %JAVA_HOME%\jre\lib\rt.jar and this jar is in the classpath but still I get the error on executing the bat file.
  Any idea/suggestion/pointer what could be missing would be very helpful?
  TIA

  Hi,
  Sorry I can't answer your qustion but, as you can see, you are much further ahead of me in using this particular package. In fact, I have been trying to locate a copy of the sun.security package for downloading and have had no luck whatsoever! I have been just about everywhere imaginable on the Sun site and the only mention of it is here under the forums and a description located under http://java.sun.com/products/commerce/docs/ssl/packages.html. Judging by where you are, I was hoping that you could point me in the right direction via an appropriate URL.
  Thanks,
  Louis P. Civitello

• Sun.security.x509.X509CertInfo Doc & Examples?

  I am trying to parse some X509 certs with sun.security.x509.X509CertInfo and I get "java io exception: java.io.IOException: DerValue.getInteger, not an int 48". I know the cert is good because other cert tools display its contents properly.
  Does anyone know where I can get docs on the security classes and perhaps some examples? The Sun site does not appear to document these classes, so I suspect they have been tweeked by Oracle.
  Best regards,
  Michael

  Hi Bill,
  My problem is solved. I was using DP3 which was causing the problem. Now I am using DP4 and its working fine.
  Thanks a lot.
  Regards,
  Pramod

• Keytool error: java.security.KeyStoreException: java.lang.ClassCastExceptio

  hi,
  plz tell me to rectify this error when i tried to create genkey using bouncy castle provider.
  "keytool error: java.security.KeyStoreException: java.lang.ClassCastException"
  Million thks for u
  regs
  kathir

  hi eugen ,
  Thanks for ur reply to my qusn in Java forum.Iam sending the command line
  which i've used.Kindly check it and plz tell me a soln.Thank u
  have a nice day
  Kathiravan
  D:\certificatekeytool -genkey -alias testBouncy -keystore bouncystore
  Enter keystore password: bouncypwd
  What is your first and last name?
  [Unknown]: Kathiravan
  What is the name of your organizational unit?
  [Unknown]: ORG
  What is the name of your organization?
  [Unknown]: MyOrg
  What is the name of your City or Locality?
  [Unknown]: Chennai
  What is the name of your State or Province?
  [Unknown]: TN
  What is the two-letter country code for this unit?
  [Unknown]: IN
  Is <CN=Kathiravan, OU=ORG, O=MyOrg, L=Chennai, ST=TN, C=IN correct?
  [no]: Yes
  Enter key password for <testBouncy
  (RETURN if same as keystore password): bouncykey
  keytool error: java.security.KeyStoreException:
  java.lang.ClassCastException: org.bouncycastle.jce.X509Principal
  I think this is the probm of BouncyCastle provider(i've used both version of Bouncycastle provider ,same probm coming)

• Sun.security.validator.ValidatorException: No trusted certificate found

  Hello,
  I am using Java 1.6.0_04 (JBoss-4.2.2.GA application). My application implements a WS client which needs to integrate with an external Web Service. This communication needs to be handled through https.
  I have created a jks keystore with the server certificate, and passed its details to JBoss through the System Properties:
  -Djavax.net.ssl.trustStore=/Path-to-file  -Djavax.net.ssl.trustStorePassword=password     On my development environment I can call the Web Service correctly.
  Although, on the production environment, I am getting the following exception:
  javax.xml.ws.WebServiceException: java.io.IOException: Could not transmit message
       at org.jboss.ws.core.jaxws.client.ClientImpl.handleRemoteException(ClientImpl.java:317)
       at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:255)
       at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:164)
       at org.jboss.ws.core.jaxws.client.ClientProxy.invoke(ClientProxy.java:150)
       at $Proxy171.send(Unknown Source)
       at com.xpto.integration.SmsHelper.send(SmsHelper.java:57)
       at com.xpto.services.sms.SMSSenderServiceMBean.run(SMSSenderServiceMBean.java:106)
       at java.lang.Thread.run(Thread.java:619)
  Caused by: java.io.IOException: Could not transmit message
       at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:204)
       at org.jboss.ws.core.client.SOAPRemotingConnection.invoke(SOAPRemotingConnection.java:77)
       at org.jboss.ws.core.CommonClient.invoke(CommonClient.java:337)
       at org.jboss.ws.core.jaxws.client.ClientImpl.invoke(ClientImpl.java:243)
       ... 6 more
  Caused by: org.jboss.remoting.CannotConnectException: Can not connect http client invoker.
       at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:
  333)
       at org.jboss.remoting.transport.http.HTTPClientInvoker.transport(HTTPClientInvoker.java:135)
       at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:122)
       at org.jboss.remoting.Client.invoke(Client.java:1634)
       at org.jboss.remoting.Client.invoke(Client.java:548)
       at org.jboss.ws.core.client.RemotingConnectionImpl.invoke(RemotingConnectionImpl.java:183)
       ... 9 more
  Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No truste
  d certificate found
       at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1591)
       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
       at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:975)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:123)
       at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
       at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1096)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1107)
       at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:405)
       at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLCo
  nnection.java:166)
       at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:832)
       at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:23
  0)
       at org.jboss.remoting.transport.http.HTTPClientInvoker.useHttpURLConnection(HTTPClientInvoker.java:
  275)
       ... 14 more
  Caused by: sun.security.validator.ValidatorException: No trusted certificate found
       at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
       at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
       at sun.security.validator.Validator.validate(Validator.java:218)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:2
  09)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:2
  49)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
       ... 26 more     Both systems are configured with the same JBoss, JVM, ...
  The certificate details are:
  Owner=
    CN=*...., OU=..., O=..., L=..., ST=..., C=PT
  Issuer=
    CN=..., O=..., C=PT
  Version=3
  Serial Number=BC81A81843E26C2597CD10354588F61E
  Valid From=Monday, 3 March 2008 18:50
  Valid Until=Tuesday, 3 March 2009 18:50
  Signature Algorithm=SHA1withRSA
  Fingerprints=
      MD5:     0A:A6:89:92:A4:CF:17:74:7C:4E:20:63:6B:81:AE:85
      SHA1:    35:01:74:8C:35:AB:9F:02:7B:23:3F:15:5E:73:C6:4D:DD:BB:C0:7A
  Key Usage= critical
      List:
      . digitalSignature
      . keyEncipherment
      . dataEncipherment
      . keyAgreement
  Extended Key Usage= none
       On production I have also tried adding the following properties:
  -Djavax.net.ssl.keyStore=/Path-to-file  -Djavax.net.ssl.keyStorePassword=password     But I still get the error.
  Any one has any hint for this problem? Is there any property which I can define to ignore untrusted certificates?
  Any help would really be welcome.
  Thanks in advance.
  Best regards,
  Victor Batista

  Hi,
  Thanks for your prompt reply.
  I have also tried to add all the chain of certificates on my truststore, although I get the exception:
  Caused by: java.security.cert.CertificateExpiredException: NotAfter: Fri Mar 07 12:54:22 WET 2008
       at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:256)
       at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:570)
       at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:123)
       at sun.security.validator.Validator.validate(Validator.java:218)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
       at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
       at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:954)
       ... 26 moreAnd all the certificates are valid.
  I really don't understand what is going on.
  Can I Ignore expired certificates? Any property?
  When I use -Djavax.net.ssl.trustStore pointing to my keystore, will cacerts be also used?
  Do I need to import all the certificates in the chain of the server, or the top most is sufficient?
  The server where I am having the problem has limited connectivity. It should have connectivity to the issuers of the certificates, in order to validate them, or not?
  Thanks in advance,
  Victor

• From where can I download the sun.security Classes?

  I am interested in using the sun.security.x509.CertAndKeyGen class? Could somebody provide me some assistance on downloading this?
  Thanks,
  Louis P. Civitello

  http://java.sun.com/security/index.html

• Where is sun.security.tools.KeyTool

  I have read that I can only create certificates using the Keytool. However, I would like to present my users with a GUI where they can enter their details (similar to the ones that the Keytool asks), and once they press OK, my application will create a certificate for them.
  Can I create a certificate programmatically. (I don't want to tell my users: "Please, go to the command line and enter 'keytool -genkey .....' ")
  I was told that there is an API for sun.security.tools.KeyTool, but I cannot seem to find this API.
  Any thoughts

  I am in the same boat of trying to generate keys/certificates programmatically. I have used the KeyTool program. It's shortcoming is that you are calling the main(args []) method which does not throw an exception. Thus, if you execute a command (-genkey, -import, etc) that throws an exception, say where the -alias argument for the -import command already exists, the runtime exception kills your entire process, in my case it shutsdown tomcat ;( . Anyway, I used the Runtime.exec() call to execute commands so I could detect and handle error conditions. My problem now is that my -import call is just hanging and not returning (and I have run the same command from the command line with success).
  In short, I am going to look at the links above for third party APIs for certificate generation.
  Is there a more graceful or forgiving API from Sun other than the KeyTool program to generate and manage keys/certificates?
  Thanks in advance for your help and ideas.

• Error "java.lang.NoClassDefFoundError: sun/security/provider/Sun" in 10.1.2

  Hi,
  I developed an ADF UIX application in JDeveloper 10.1.2. It works fine when I run on embedded oc4j in my machine.
  I deployed it to Oracle Application Server 10g in AIX. When I run the application from the Application Server and try to open a uix page with data I get the following error:
  500 Internal Server Error
  java.lang.NoClassDefFoundError: sun/security/provider/Sun     at oracle.jbo.common.ampool.PoolMgr.createPool(PoolMgr.java:280)     at oracle.jbo.common.ampool.PoolMgr.findPool(PoolMgr.java:482)     at oracle.jbo.common.ampool.ContextPoolManager.findPool(ContextPoolManager.java:165)     at oracle.adf.model.bc4j.DataControlFactoryImpl.findOrCreateSessionCookie(DataControlFactoryImpl.java(Compiled Code))     at oracle.adf.model.bc4j.DataControlFactoryImpl.createSession(DataControlFactoryImpl.java(Compiled Code))     at oracle.adf.model.binding.DCDataControlReference.getDataControl(DCDataControlReference.java(Compiled Code))     at oracle.adf.model.BindingContext.get(BindingContext.java(Compiled Code))     at oracle.adf.model.binding.DCUtil.findSpelObject(DCUtil.java:228)     at oracle.adf.model.binding.DCUtil.findContextObject(DCUtil.java:308)     at oracle.adf.model.binding.DCIteratorBinding.<init>(DCIteratorBinding.java:127)     at oracle.jbo.uicli.binding.JUIteratorBinding.<init>(JUIteratorBinding.java:59)     at oracle.jbo.uicli.binding.JUIteratorDef.createIterBinding(JUIteratorDef.java:58)     at oracle.jbo.uicli.binding.JUIteratorDef.createIterBinding(JUIteratorDef.java:47)     at oracle.adf.model.binding.DCBindingContainerDef.createIterBindings(DCBindingContainerDef.java(Compiled Code))     at oracle.adf.model.binding.DCBindingContainerDef.createBindingContainer(DCBindingContainerDef.java(Compiled Code))     at oracle.adf.model.binding.DCBindingContainerReference.getBindingContainer(DCBindingContainerReference.java(Inlined Compiled Code))     at oracle.adf.model.BindingContext.get(BindingContext.java(Compiled Code))     at oracle.adf.model.binding.DCUtil.findSpelObject(DCUtil.java:228)     at oracle.adf.model.binding.DCUtil.findContextObject(DCUtil.java:308)     at oracle.adf.model.binding.DCUtil.findBindingContainer(DCUtil.java:536)     at oracle.adf.controller.lifecycle.LifecycleContext.initialize(LifecycleContext.java:121)     at oracle.adf.controller.lifecycle.LifecycleContext.initialize(LifecycleContext.java:77)     at oracle.adf.controller.struts.actions.DataActionContext.initialize(DataActionContext.java:51)     at oracle.adf.controller.struts.actions.DataAction.execute(DataAction.java:150)     at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)     at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)     at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)     at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507)     at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code))     at javax.servlet.http.HttpServlet.service(HttpServlet.java(Compiled Code))     at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java(Compiled Code))     at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java(Compiled Code))     at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java(Compiled Code))     at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java(Compiled Code))     at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java(Compiled Code))     at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.AJPRequestHandler.run(AJPRequestHandler.java(Compiled Code))     at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].server.http.AJPRequestHandler.run(AJPRequestHandler.java(Compiled Code))     at com.evermind[Oracle Application Server Containers for J2EE 10g (10.1.2.0.2)].util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java(Compiled Code))     at java.lang.Thread.run(Thread.java:568)
  Can anybody tell/help why I am getting this error?
  Thanks
  Syed

  I believe this counts to be a bug in adf. I met with such errors as well in migration 1012 from NT to AIX platform, and after decompiling adf jar code and tak a look at it, the following code block indicates that In class- oracle.jbo.client.Configuration
  , it is hard coded to get secure provider- sun/security/provider/Sun, as listed below...
  import sun.security.provider.Sun;
  static void checkSecurityProviders()
  Provider aprovider[] = Security.getProviders();
  boolean flag = false;
  for(int i = 0; i < aprovider.length; i++)
  if(!aprovider.getName().equals("SUN"))
  continue;
  flag = true;
  break;
  if(!flag)
  try
  Sun sun = new Sun();
  Security.addProvider(sun);
  catch(Exception exception)
  exception.printStackTrace();
  Adam

• Sun.security.smartcardio.PCSCException: Unknown error 0x8010002f

  Hi All
  I am writing java application to talk with smart card
  every thing is ok till i reach to this command:
  private static byte[] COMMAND2 = {(byte) 0xEF, (byte) 0xFA, (byte) 0xCE, (byte) 0x00, (byte) 0xFF};
  private static CommandAPDU COMMAND2_APDU = new CommandAPDU(COMMAND2);
  connectWithCard();
  sendAPDU1();
  card.disconnect(true); //Reset must occur before
  try{
  Thread.sleep(1000);
  catch(InterruptedException e)
  System.out.println("Exception for sleep : "+e.getMessage());
  connectWithCard();
  ra=ch.transmit(COMMAND2_APDU);//Exception occur here
  System.out.println("Response due to COMMAND2_APDU : " + arrayToHex(ra.getBytes()));
  JOptionPane.showMessageDialog(null,"Response due to COMMAND2_APDU : " + arrayToHex(ra.getBytes()), "Status", JOptionPane.ERROR_MESSAGE);
  //implementation for connectwithCard()
  try {
  card = c.connect("T=0");
  // System.out.println("Terminal connected");
  JOptionPane.showMessageDialog(null,"Terminal connected", "Status", JOptionPane.ERROR_MESSAGE);
  } catch (Exception e) {
  //  System.out.println("Terminal NOT onnected: " + e.toString());
  JOptionPane.showMessageDialog(null,"Terminal NOT onnected: " + e.toString(), "Status", JOptionPane.ERROR_MESSAGE);
  System.out.println("ATR: " + arrayToHex(((ATR) card.getATR()).getBytes()));
  JOptionPane.showMessageDialog(null,"ATR: " + arrayToHex(((ATR) card.getATR()).getBytes()), "Status", JOptionPane.ERROR_MESSAGE);
  ch = card.getBasicChannel(); Exception is:
  javax.smartcardio.CardException: sun.security.smartcardio.PCSCException: Unknown error 0x8010002f
  What should i do ?
  Thanks in Advance
  Edited by: Nabil_ on Aug 7, 2008 3:23 AM
  Edited by: Nabil_ on Aug 7, 2008 3:31 AM

  I make some changes like:
  1. make sending Command in separated Thread to take its time.
  2. change P3 from FF to 00
  the result was :
  -NO Exception incase P3=00 , but the returned status was 6E 00
  -When i put P3 any value except 0 , The Exception occur in all cases (even separate Thread or in the main thread)
  The problem now :
  I must send 9 commands (Card Recyle Command) to format my card , first eight commands (1---->8) should return
  9F 20 as status byte , but when i made P3=00 the returned status was 6E 00
  but the last command returned 90 00 (P3=00) as it is expected
  the Card OS was Bantry OS
  -Question can i make format the card in different way ?
  -According to Reader:
  I use 3 different readers (PC/SC)
  - Dell USB Keyboard Smart Card Reader
  -SCM Microsystems SCR33x USB Smart Card Reader (http://www.crownhill.co.uk/product.php?prod=1786)
  -SCM Microsystems SCR24x PCMCIA Smart Card Reader
  if u recommend reader for me
  -Can i use Linux (to use different stack rather than PC/SC) ?
  Another thing could be is that some of card readers do no support 255 bytes data field in one command. In this case data shouold be transfered by smaller portions.How can i do this (data should be transfered by smaller portions.) ?
  give me example if possible.
  Thanks in Advance.
  Nabil

• Keytool error: java.lang.Exception: Public keys in reply and keystore don't match - Web Logic 10.3.6.0 Linux 64 Bit

  Hi,
  Followed Oracle recommended note for generating .csr file  (Doc ID 1230333.1)
  01) $keytool -genkey -alias server.alias -keyalg RSA -keysize 1024 -dname "CN=ServerName,OU=Office,O=OTS,L=Location,S=SW,C=GB" -keypass mypass -keystore ServerName.jks -storepass mypass
  02) copy ServerName.jks ServerName.jks.org
  03) $keytool -list -v -keystore ServerName.jks -storepass mypass
  04) $keytool -certreq -v -alias server.alias -file ServerName.csr -keypass mypass -storepass mypass -keystore ServerName.jks
  05) Sent the .csr file to CA
  06) ived a filename.cer certificate.
  07) rated Root ServerNameRootCert.cer and Intermediate Certificate ServerNameRootInterCert.cer from filename.cer certificate
  Importing Root CA into the keystore ServerName.jks
  08) $keytool -import -v file ServerNameRootCert.cer -keystore ServerName.jks -trustcacerts -alias AliasOne
  09) $keytool -import -v file ServerNameRootInterCert.cer -keystore ServerName.jks -trustcacerts -alias AliasTwo
  Now importing the actual certificate using the alias server.alias in the above step 01) and 04)
  10) $keytool -import -v file ServerName.cer -keystore ServerName.jks -alias server.alias -keypass -storepass
  Getting error message
  keytool error: java.lang.Exception: Public keys in reply and keystore don't match
  java.lang.Exception: Public keys in reply and keystore don't match
  at sun.security.tools.KeyTool.establishCertChain(KeyTool.java:2618)
  at sun.security.tools.KeyTool.installReply(KeyTool.java:1870)
  at sun.security.tools.KeyTool.doCommands(KeyTool.java:807)
  at sun.security.tools.KeyTool.run(KeyTool.java:172)
  at sun.security.tools.KeyTool.main(KeyTool.java:167)
  Is that anything wrong with the Certificate what is issued by CA?
  Is the java version need to be different?
  Current Java Version
  java version "1.6.0_29"
  Java(TM) SE Runtime Environment (build 1.6.0_29-b11)
  Oracle JRockit(R) (build R28.2.0-79-146777-1.6.0_29-20111005-1807-linux-x86_64, compiled mode)
  Any suggestions please?
  Thanks,
  Kam

  Import the intermediate cert first then the root and then the signed server certificate.
  The alias of root and intermediate doesnt matter, but make sure that the alias of server cert is same as the alias of the private key entry.
  Have a look at the following example :
  https://blogs.oracle.com/blogbypuneeth/entry/steps_to_create_a_csr

• Keytool Error: DER Value Conversion

  I'm trying to import a certificate into a Keystore and I keep getting the following error:
  Keytool error: java.lang.IllegalArgumentException: DER value conversion
  I'm running this on a W2K3 box with Java SDK 1.4.2. I have imported this certificate on two other servers that have the same configuration with no problems. I've been trying to fix this thing for days and it has become very frustrating.
  Message was edited by:
  JayW

  Did you ever get any information on this?Yes, and I apologize for neglecting to post it here.
  First, I didn't get the aix 1.3 ssl working with my code, but I am pretty sure I could have if I'd just change the packages I imported. What we have done with our customers using Java 1.3 on aix is have them keep using the old Sun JSSE 1.0.2 for the time being. And we have our solaris customers stick to Java 1.3 so we have only one version of the code.
  In Java 1.4, ssl is bundled into Java. The ssl classes which were in vendor-specific packages like ibm.com and sun.com, will now be in javax.net.ssl.
  This information is from Brad Wetmore of the Java Security Team at Sun.
  So as soon as we can get Java 1.4 on AIX, we're moving to that and using the javax.net.ssl package.

• Keytool Error - Too Big

  Hi,
  I am trying to sign a java applet called JUpload from http://www.jupload.biz, with a certificate that we already have purchased. The private key was generated in IIS 6 on a Windows 2003 server, and the certificate was given to us in a *.crt format.
  First I tried signing the applet using just the crt file, which would import into the keystore, but as soon as I try to sign the applet, I would do the following and get the error:
  keytool -import -alias JUpload -file mycer.pso.com.crt
  Owner: CN=mycer.pso.com, OU=Domain Control Validated, O=mycer.pso.com Issuer: EMAILADDRESS=[email protected], CN=Starfield Secure Certification Authority, OU=http://www.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
  Serial number: 302088
  Valid from: Fri Jul 08 10:12:26 CDT 2005 until: Sat Jul 08 10:12:26 CDT 2006
  Certificate fingerprints:
  MD5: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
  SHA1: XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
  Trust this certificate? [no]: yes
  Certificate was added to keystore
  jarsigner jupload.jar JUpload
  jarsigner: Certificate chain not found for: JUpload. JUpload must reference a valid KeyStore key entry containing a private key and corresponding public key certificate chain.
  So after some digging I found that perhaps there is a problem because the crt does not have the private key. So I exported a pfx from IIS 6 which should contain the private key and did the following:
  keytool -import -storepass XXXXXX -storetype PKCS12 -alias JUpload -file XXXXXXXXXX.pfx
  keytool error: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
  I have tried without the "storepass" and "storetype" flags, with no luck. Do I need to convert the pfx file to a p12 file. I read somewhere that you should just rename it, but that does the same thing as a pfx. I read also something to do with using OpenSSL, but I cannot find any examples of how I should do this.
  Any ideas?
  TIA
  Phil Dowson

  Scratch that, I found a copy and it did not make any difference to the issue, I still get the same error.
  Do you know of any alternate download locations, the
  sun site sends me to a page with a "Fatal Exception"
  error.
  If you are sure the export of the p12 file hasbeen
  successful, you consider using
  policy files for the "Unlimited Strength JCE"
  depending on the size of your key.
  Look at the thread of:
  http://forum.java.sun.com/thread.jspa?messageID=379043

• Error in Admin and manager server startup - BEA-149205-  due to error weblogic.security.internal.encryption.EncryptionServiceException

  Hi -
  I have installed OIM 11g r2 ps2, I an tring to start my Admin and SOA server :
  1. Though my admin server is coming up fine, but I am getting the following error when I am trying to start Admin server.
  ####<Apr 22, 2015 12:22:27 AM PDT> <Error> <Deployer> <devoimx003> <AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS
  Kernel>> <> <> <1429687347654> <BEA-149205> <Failed to initialize the application 'opss-DBDS' due to error weblogic.security.internal.encryption.EncryptionServiceException.
  weblogic.security.internal.encryption.EncryptionServiceException
          at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:139)
          at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:187)
          at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:96)
          at sun.reflect.GeneratedMethodAccessor143.invoke(Unknown Source)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy._invokeServiceMethod(DescriptorManager.java:173)
          at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy.decrypt(DescriptorManager.java:192)
          at weblogic.descriptor.DescriptorManager$SecurityServiceImpl.decrypt(DescriptorManager.java:114)
          at weblogic.descriptor.internal.AbstractDescriptorBean._decrypt(AbstractDescriptorBean.java:1092)
          at weblogic.j2ee.descriptor.wl.JDBCDriverParamsBeanImpl.getPassword(JDBCDriverParamsBeanImpl.java:337)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.getDriverProperties(DataSourceConnectionPoolConfig.java:368)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig$2.run(DataSourceConnectionPoolConfig.java:304)
          at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
          at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.initJDBCParameters(DataSourceConnectionPoolConfig.java:300)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.access$000(DataSourceConnectionPoolConfig.java:24)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig$1.run(DataSourceConnectionPoolConfig.java:78)
          at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
          at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.getPoolProperties(DataSourceConnectionPoolConfig.java:75)
          at weblogic.jdbc.common.internal.ConnectionPool.doStart(ConnectionPool.java:1329)
          at weblogic.jdbc.common.internal.ConnectionPool.start(ConnectionPool.java:176)
          at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:507)
          at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:428)
          at weblogic.jdbc.module.JDBCModule.prepare(JDBCModule.java:280)
          at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:199)
          at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:517)
          at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
          at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:159)
          at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:45)
          at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:648)
          at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
          at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
          at weblogic.application.internal.SingleModuleDeployment.prepare(SingleModuleDeployment.java:44)
          at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:154)
          at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:60)
      at weblogic.deploy.internal.targetserver.SystemResourceDeployment.prepare(SystemResourceDeployment.java:55)
          at weblogic.management.deploy.internal.DeploymentAdapter$1.doPrepare(DeploymentAdapter.java:39)
          at weblogic.management.deploy.internal.DeploymentAdapter.prepare(DeploymentAdapter.java:191)
          at weblogic.management.deploy.internal.AppTransition$1.transitionApp(AppTransition.java:21)
          at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
          at weblogic.management.deploy.internal.ConfiguredDeployments.prepare(ConfiguredDeployments.java:165)
          at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:122)
          at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
          at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
          at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
          at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
          at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
  Caused By: weblogic.security.internal.encryption.EncryptionServiceException
          at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptBytes(JSafeEncryptionServiceImpl.java:139)
          at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.decryptString(JSafeEncryptionServiceImpl.java:187)
          at weblogic.security.internal.encryption.ClearOrEncryptedService.decrypt(ClearOrEncryptedService.java:96)
          at sun.reflect.GeneratedMethodAccessor143.invoke(Unknown Source)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy._invokeServiceMethod(DescriptorManager.java:173)
          at weblogic.descriptor.DescriptorManager$SecurityServiceImpl$SecurityProxy.decrypt(DescriptorManager.java:192)
          at weblogic.descriptor.DescriptorManager$SecurityServiceImpl.decrypt(DescriptorManager.java:114)
          at weblogic.descriptor.internal.AbstractDescriptorBean._decrypt(AbstractDescriptorBean.java:1092)
          at weblogic.j2ee.descriptor.wl.JDBCDriverParamsBeanImpl.getPassword(JDBCDriverParamsBeanImpl.java:337)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.getDriverProperties(DataSourceConnectionPoolConfig.java:368)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig$2.run(DataSourceConnectionPoolConfig.java:304)
          at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
          at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.initJDBCParameters(DataSourceConnectionPoolConfig.java:300)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.access$000(DataSourceConnectionPoolConfig.java:24)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig$1.run(DataSourceConnectionPoolConfig.java:78)
          at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
          at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
          at weblogic.jdbc.common.internal.DataSourceConnectionPoolConfig.getPoolProperties(DataSourceConnectionPoolConfig.java:75)
          at weblogic.jdbc.common.internal.ConnectionPool.doStart(ConnectionPool.java:1329)
          at weblogic.jdbc.common.internal.ConnectionPool.start(ConnectionPool.java:176)
          at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:507)
          at weblogic.jdbc.common.internal.ConnectionPoolManager.createAndStartPool(ConnectionPoolManager.java:428)
          at weblogic.jdbc.module.JDBCModule.prepare(JDBCModule.java:280)
          at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(ModuleListenerInvoker.java:199)
          at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(DeploymentCallbackFlow.java:517)
          at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
        at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:159)
          at weblogic.application.internal.flow.DeploymentCallbackFlow.prepare(DeploymentCallbackFlow.java:45)
          at weblogic.application.internal.BaseDeployment$1.next(BaseDeployment.java:648)
          at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:52)
          at weblogic.application.internal.BaseDeployment.prepare(BaseDeployment.java:191)
          at weblogic.application.internal.SingleModuleDeployment.prepare(SingleModuleDeployment.java:44)
          at weblogic.application.internal.DeploymentStateChecker.prepare(DeploymentStateChecker.java:154)
          at weblogic.deploy.internal.targetserver.AppContainerInvoker.prepare(AppContainerInvoker.java:60)
          at weblogic.deploy.internal.targetserver.SystemResourceDeployment.prepare(SystemResourceDeployment.java:55)
          at weblogic.management.deploy.internal.DeploymentAdapter$1.doPrepare(DeploymentAdapter.java:39)
          at weblogic.management.deploy.internal.DeploymentAdapter.prepare(DeploymentAdapter.java:191)
          at weblogic.management.deploy.internal.AppTransition$1.transitionApp(AppTransition.java:21)
          at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
          at weblogic.management.deploy.internal.ConfiguredDeployments.prepare(ConfiguredDeployments.java:165)
          at weblogic.management.deploy.internal.ConfiguredDeployments.deploy(ConfiguredDeployments.java:122)
          at weblogic.management.deploy.internal.DeploymentServerService.resume(DeploymentServerService.java:180)
          at weblogic.management.deploy.internal.DeploymentServerService.start(DeploymentServerService.java:96)
          at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
          at weblogic.work.ExecuteThread.execute(ExecuteThread.java:256)
          at weblogic.work.ExecuteThread.run(ExecuteThread.java:221)
  2. My SOA server is coming up but in admin mode and giving OPSS connections errors.
  Any help is really appreciated!
  Thanks,
  SK

  Hi Faisal -
  is your domain in development mode or production mode?
       - While configuring my domian , I had selected Prod Mode, but pon start up when I see in admin server console, it is starting in developement mode already ?
  Any idea how, why ?
  if its production mode you can switch to development mode, change all the credentials in the config.xml and configurations under sub folders to cleartext and start the server..
  - Let me still try these and get back to you.
  Thanks,
  SK

• Web Service Security X509 token issue...

  Hi All,
  I have an issue with using X509 certificates. Please find the details attached below:-
  I used the following link to create a simple keystore using 3rd party tools:-
  http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/CreateKeyStore_howto.htm
  NOTES:
  1) I think the above link creates self signed certificates.
  2) The signature and encryption key for both the web service and proxy created below are the same.
  As can be seen from this link, two certificates are created with aliases sam and dave. I then used the following link to secure the web service and proxy:-
  http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/10gwssecurity_howto.html
  This link uses the OAS manager to set the keytoll related properties. These entries are already into system-jazn-data.xml. A point to note here is that the aliases of the certificates are stored in system-jazn-data.xml.
  My oracle-webservices.xml has the mapping attribute of the verify-x509-token token set to CN (Common Name). Hence I changed the above entries in system-jazn-data to reflect the common names instead of the aliases.
  However the standalone OC4J server still throws the following error whether I try to run the proxy with the mapping attr set to alias or CN in the jazn file:-
  07/07/05 20:58:14 Oracle Containers for J2EE 10g (10.1.3.1.1) initialized
  2007-07-05 20:58:39.876 ERROR Cannot authenticate X509 certificate, User CN=Sam
  Cooke, OU=samDept, EMAILADDRESS=[email protected], O=samOrg, L=samCity, ST=samState
  , C=US does not exist in our system
  07/07/05 20:58:39 javax.security.auth.login.LoginException: Cannot authenticate
  X509 certificate, User CN=Sam Cooke, OU=samDept, EMAILADDRESS=[email protected], O=
  samOrg, L=samCity, ST=samState, C=US does not exist in our system
  I have not exported any certificates from client to serve or vice versa.
  Please could someone help out? This is urgent.
  Regards,
  Lester.

  I had the same issue and solved it like this:
  Create a signed certificate, import it into your keystore and use that as Signature Key alias in both the client as the server security. Make sure the user with the same name exists in the realm on the server.
  Hope this helps,
  Lonneke

• Sun.security.validator.ValidatorException: Netscape cert type does not perm

  Hi,
  I am getting the following exception when clientAuthentication is enabled for ssl connection.
  I am using tomcat and a java client in my application.
  Please let me know how do i get through this.
  Thanks in advance
  -Sanjeev
  Below trace is from catalina.out
  ===========================
  http-8443-Processor24, SEND TLSv1 ALERT: fatal, description = certificate_unknown
  http-8443-Processor24, WRITE: TLSv1 Alert, length = 2
  http-8443-Processor24, called closeSocket()
  http-8443-Processor24, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Netscape cert type does not permit use for SSL client
  http-8443-Processor24, called close()
  http-8443-Processor24, called closeInternal(true)
  ===================================
  I get the below exception in my java client application.
  ==========================================
  : 68 42 6F FD E9 35 AB E5 C7 48 31 2C 78 31 BA F0 hBo..5...H1,x1..
  0020: EB 97 10 1F F9 B2 03 B7 7D CE 8A 04 73 37 07 A1 ............s7..
  0030: 9D 46 5A A2 B7 99 EE 86 1D EE A1 E4 D6 64 73 9B .FZ..........ds.
  0040: 6B FA D1 19 44 54 C0 47 DC F8 E1 4B 33 F6 0D 2D k...DT.G...K3..-
  0050: C9 04 B7 E8 8F 67 00 99 78 67 CC BE 26 C4 73 B5 .....g..xg..&.s.
  0060: 88 26 F6 08 B7 A3 89 A0 28 29 79 DD 16 B0 86 8F .&......()y.....
  0070: DE AA EA D3 1F 9F 8B 5B E7 B4 51 3B C8 90 67 0D .......[..Q;..g.
  0080: 68 46 F1 CC 10 D9 hF....
  main, WRITE: TLSv1 Handshake, length = 134
  main, WRITE: TLSv1 Change Cipher Spec, length = 1
  main, handling exception: java.net.SocketException: Software caused connection abort: socket write error
  main, SEND TLSv1 ALERT: fatal, description = unexpected_message
  main, WRITE: TLSv1 Alert, length = 2
  Exception sending alert: java.net.SocketException: Software caused connection abort: socket write error
  main, called closeSocket()
  Exception
  =================================================

  Netscape cert type does not permit use for SSL clientTry using another certificate. Your certificate can't be used as a web browser client certificate.