Signed applet using ssl connection Problem!

Hi all.
The problem is that when I sign my applet and try to connect through SSL the IAIK throws ClassCastException when trying to load the client certificate.
1. I added client certificate ( DER format ) to the applet jar.
2. I signed an applet with another certificate so it would have all permissions.
3. My applet tried to create SSL connection and failed throwing
java.lang.ClassCastException: iaik.asn1.structures.Name

I have found a solution for a similar problem. Check out http://java.sun.com/j2se/1.4.1/docs/guide/security/jsse/JSSERefGuide.html#Troubleshooting

Similar Messages

  • Some RST are seen during TCP disconnection when using SSL connection

    It is expected that the disconnection sequence for a secure connection to be as follow:
    client ************************* server
    --- alert (warning, close notify) --->
    <--- alert (warning, close notify) ---
    in any order;
    and then:-
    --------------- FIN, ACK ------------>
    <----------- FIN, ACK ---------------
    ------------------ ACK ----------------->
    Instead of the sequence described above, the TCP connection for a secure connection is closed with an RST.
    For instance, Wireshark capture shows that an SSL+SASL TCP connection is closed in the following manner:
    client ************************** server
    --- alert (warning, close notify) ---->
    ---------------- FIN, ACK ------------>
    <--- alert (warning, close notify) ---
    <----------- FIN, ACK ---------------------
    ------------ RST -----------------> *(This RST message should be investigated, an ACK message was expected)*
    Server: OpenLDAP: slapd 2.4.23
    Client: (java version "1.6.0_16")
    import javax.naming.*;
    import javax.naming.directory.*;
    import javax.naming.ldap.InitialLdapContext;
    import java.util.Hashtable;
    import javax.naming.ldap.StartTlsRequest;
    import javax.naming.ldap.StartTlsResponse;
    class Client {
        private static final String DEFAULT_INITIAL_CONTEXT_FACTORY = "com.sun.jndi.ldap.LdapCtxFactory";
        public static void main(String[] args) {
            // SSL
            try {
                // Key store and trust store used by JSSE for this connection
                System.setProperty("javax.net.ssl.keyStore", "c:\\keystore");
                System.setProperty("javax.net.ssl.keyStorePassword", "adminadmin");
                System.setProperty("javax.net.ssl.trustStore", "c:\\keystore");
                System.setProperty("javax.net.ssl.trustStorePassword", "adminadmin");
                // Set up environment for creating initial context
                Hashtable<String, String> env = new Hashtable<String, String>(11);
                env.put(Context.INITIAL_CONTEXT_FACTORY, DEFAULT_INITIAL_CONTEXT_FACTORY);
                // Must use the name of the server that is found in its certificate
                env.put(Context.PROVIDER_URL, "ldap://1.2.4.4:16415");
                env.put(Context.SECURITY_AUTHENTICATION, "simple");
                env.put(Context.SECURITY_PRINCIPAL, "cn=manager,dc=operator,dc=com");
                env.put(Context.SECURITY_CREDENTIALS, "password");
                env.put(Context.SECURITY_PROTOCOL, "ssl");
                // Create initial context
                InitialLdapContext ctx = new InitialLdapContext(env, null);
                // Close the context when we're done
                ctx.close();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
    }
    Is it a bug ? Can I expect to have a patch for this issue?
    Regards,
    Olivier
    Edited by: 975464 on 6-Dec-2012 11:21 AM

    I agree it should be an ACK not an RST but it doesn't really matter. The connection is closed, and as neither the client nor the server has any pending data it is benign. Worth investigating in a later JRE.

  • Got problem when using SSL connection when using my own web server

    hi all,
    I need to create a SSL connection to a website, i'm using Java 5 so i just append use the following code,
    import java.io.BufferedReader;
    import java.io.InputStreamReader;
    import java.net.URL;
    public class URLReader {
        public static void main(String[] args) throws Exception {
            // Send HTTPS requests through the proxy
            System.setProperty("https.proxyHost", "90.0.0.122");
            System.setProperty("https.proxyPort", "3128");
            URL verisign = new URL("https://www.verisign.com");
            //URL verisign = new URL("https://localhost");
            //URL verisign = new URL("https://90.0.0.30");
            // Read the page line by line and print it
            BufferedReader in = new BufferedReader(
                    new InputStreamReader(verisign.openStream()));
            String inputLine;
            while ((inputLine = in.readLine()) != null)
                System.out.println(inputLine);
            in.close();
        }
    }
    Here when I run the program with arg https://www.verisign.com it works fine, when I replace it with https://localhost it shows the following error
    Exception in thread "main" java.io.IOException: HTTPS hostname wrong:  should be <localhost>
         at sun.net.www.protocol.https.HttpsClient.checkURLSpoofing(HttpsClient.java:493)
         at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:418)
         at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:170)
         at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:913)
         at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
         at java.net.URL.openStream(URL.java:1007)
         at URLReader.main(URLReader.java:93)
    I don't know why this is happening; can anyone please help me out to solve the problem

    HI all ,
    I find a solution from the post
    http://forum.java.sun.com/thread.jspa?threadID=521779&start=0
    Thanks
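
    Why the client above reports "HTTPS hostname wrong" for https://localhost and https://90.0.0.30, as an added Java example (not code from this thread): it carries out the comparison an HTTPS client makes between the URL host and the names in the server certificate (RFC 2818, section 3.1). The class names and the example.test certificate names are constructed for illustration; wildcards are honoured only as the whole leftmost label.

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Locale;

/**
 * Added example: compares the host in an https:// URL with the names a
 * server certificate carries. All certificate names are constructed samples.
 */
public class HostnameMatchDemo {

    /** Names taken from a certificate's subjectAltName extension. */
    static final class CertNames {
        final List<String> dnsNames;
        final List<String> ipAddresses;

        CertNames(List<String> dnsNames, List<String> ipAddresses) {
            this.dnsNames = dnsNames;
            this.ipAddresses = ipAddresses;
        }
    }

    static boolean isIpv4Literal(String host) {
        return host.matches("\\d{1,3}(\\.\\d{1,3}){3}");
    }

    /** True when the URL host is covered by the certificate. */
    static boolean hostMatches(String urlHost, CertNames cert) {
        String host = urlHost.toLowerCase(Locale.ROOT);
        if (isIpv4Literal(host)) {
            // An IP literal must equal an iPAddress entry; DNS names never cover it.
            return cert.ipAddresses.contains(host);
        }
        for (String name : cert.dnsNames) {
            if (dnsNameMatches(host, name.toLowerCase(Locale.ROOT))) {
                return true;
            }
        }
        return false;
    }

    /** Exact match, or "*" standing for exactly one leftmost label. */
    static boolean dnsNameMatches(String host, String certName) {
        if (!certName.startsWith("*.")) {
            return host.equals(certName);
        }
        String suffix = certName.substring(1); // "*.example.test" -> ".example.test"
        if (!host.endsWith(suffix)) {
            return false;
        }
        String leftLabel = host.substring(0, host.length() - suffix.length());
        return !leftLabel.isEmpty() && leftLabel.indexOf('.') < 0;
    }

    public static void main(String[] args) {
        // Constructed certificate of a development server: two DNS names, no IP entry.
        CertNames devCert = new CertNames(
                Arrays.asList("devbox.example.test", "*.apps.example.test"),
                Collections.<String>emptyList());
        String[] hosts = {
            "devbox.example.test",     // exact name in the certificate
            "shop.apps.example.test",  // covered by the wildcard
            "a.b.apps.example.test",   // two labels: the wildcard does not cover it
            "localhost",               // same machine, but not a name in the certificate
            "90.0.0.30"                // IP literal, and the certificate has no IP entry
        };
        for (String h : hosts) {
            System.out.println("https://" + h + " -> "
                    + (hostMatches(h, devCert) ? "names match" : "HTTPS hostname wrong"));
        }
    }
}
```

    The request succeeds only when the URL uses a name the certificate actually contains, so the durable fix is a certificate issued for the name (or IP address) the client connects to.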

  • FTP/SSL Connection Problem for FTP Receiver Adapter

    Hello All,
    We are trying to establish an FTPS/SSL connection with one of our customers from our XI(Unix) system, and are receiving the following error:
    iaik.security.ssl.SSLException: Server certificate rejected by ChainVerifier
    Communication Channel Parameters:
    Connection Security: FTP (FTP Using SSL/TLS) for Control Connection or FTP (FTP Using SSL/TLS) for Control Connection and Data Connection
    Command Order: AUTH TLS, USER, PASS, PBSZ, PROT
    Checkbox - Use X.509 Certificate.... checked (Certificate was provided by third party (customer issued) and uploaded to service_ssl certificate store on J2EE server)
    Data Connection: Passive
    Port: 10021
    Keystore: service_ssl
    X.509 Certificate & Private Key: ssl-credentials
    Note: Initial handshaking occurs but connection is being dropped by the third party FTP Server when SSL certificate credentials are being validated. We also tried connecting to the third party FTPS server using standard FTPS client(FileZilla software), this connection gets established successfully with no certificate issues which means certificate and third party FTP Server is functioning correctly.
    We therefore are thinking that the problem lies with our XI system being unable to load the certificate information correctly at the point when FTPS session is being established.
    Your help and suggestions will be greatly appreciated.
    Thanks and Best Regards
    Prashant Rajani

    Hello All,
    Further in order to test connection set up and communication channel configuration we tried simulating the FTP connection locally by configuring FTP Server using FileZilla at a local machine and accessed it from Client's XI Server.
    This set up simulates the problem we encounter with our customer's FTP Server.
    If connection security parameter in communication channel for Sender FTP Adapter is set to "FTPs( FTP Using SSL/TLS) with Control Connection" only, file gets successfully created with data at the FTP server but as soon as we switch the connection security parameter to "FTPs( FTP Using SSL/TLS) with Control and Data Connection", we receive error "Certificate rejected by Chain Verifier". The initial handshaking happens successfully and file gets created at the FTP Server but its empty, connection fails when attempt is made to write data into file and we end up with said error thereby closing the connection.
    This is what the FTP (FileZilla) sees when the XI system attempts to set-up a fully encrypted data  (FTPS) connection i.e., connection security parameter value as "FTPs( FTP Using SSL/TLS) with Control and Data Connection" :-
    - (not logged in) (10.18.106.34)> Connected, sending welcome message...
    - (not logged in) (10.18.106.34)> 220-FileZilla Server version 0.9.18 beta
    - (not logged in) (10.18.106.34)> 220-written by Tim Kosse ([email protected])
    - (not logged in) (10.18.106.34)> 220 Please visit http://sourceforge.net/projects/filezilla/
    - (not logged in) (10.18.106.34)> AUTH TLS
    - (not logged in) (10.18.106.34)> 234 Using authentication type TLS
    - (not logged in) (10.18.106.34)> SSL connection established
    - (not logged in) (10.18.106.34)> USER test
    - (not logged in) (10.18.106.34)> 331 Password required for test
    - (not logged in) (10.18.106.34)> PASS ***********
    - test (10.18.106.34)> 230 Logged on
    - test (10.18.106.34)> PBSZ 0
    - test (10.18.106.34)> 200 PBSZ=0
    - test (10.18.106.34)> PROT P
    - test (10.18.106.34)> 200 Protection level set to P
    - test (10.18.106.34)> SYST
    - test (10.18.106.34)> 215 UNIX emulated by FileZilla
    - test (10.18.106.34)> PWD
    - test (10.18.106.34)> 257 "/" is current directory.
    - test (10.18.106.34)> CWD /payment/
    - test (10.18.106.34)> 250 CWD successful. "/payment" is current directory.
    - test (10.18.106.34)> TYPE I
    - test (10.18.106.34)> 200 Type set to I
    - test (10.18.106.34)> PASV
    - test (10.18.106.34)> 227 Entering Passive Mode (10,27,7,103,15,63)
    - test (10.18.106.34)> STOR BHPDSB20060911-153840-834.txt
    - test (10.18.106.34)> 150 Connection accepted
    - test (10.18.106.34)> Data connection SSL warning: SSL3 alert read: fatal: bad certificate
    - test (10.18.106.34)> Data connection SSL warning: SSL_accept: failed in SSLv3 read client certificate A
    - test (10.18.106.34)> Data connection SSL warning: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
    - test (10.18.106.34)> Data connection SSL warning: error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
    - test (10.18.106.34)> 426 Connection closed; transfer aborted.
    - test (10.18.106.34)> QUIT
    - test (10.18.106.34)> 221 Goodbye
    - test (10.18.106.34)> SSL connection established
    Please suggest your valuable inputs if we are missing out something. Any helpful inputs in this regard is highly appreciated.
    Thanks and Best Regards
    Prashant

  • Cannot download a file with internet explorer 6 using SSL connection

    Hello,
    I am working on an application that uses SSL. But when the user clicks a button to download a file using IE 6 or IE 7, Internet Explorer shows an error message saying that "The internet explorer cannot open this site". This error doesn't occur in Firefox, but I have to use Internet Explorer. And the error occurs only if I use https, with http it works fine.
    I searched the net and I found that Internet Explorer has a bug, that when the server sends the http header "Pragma: no-cache" or "Cache-control: no-cache,max-age=0,must-revalidate", then Internet Explorer doesn't cache the file, and I cannot open it. See here: http://support.microsoft.com/kb/316431/en-us
    My problem is that OC4J appears to send these headers automatically. I am using Oracle Enterprise Manager 10g Application Server Control 10.1.3.3.0. Here is my code to send the file:
    HttpServletResponse response = (HttpServletResponse)
            FacesContext.getCurrentInstance().getExternalContext().getResponse();
    response.setContentType("application/x-download");
    // Header value kept as posted (it matches the captured response below);
    // the standard disposition token is spelled "attachment"
    response.setHeader("Content-Disposition", "attachement; filename=\"file.pfx\"");
    response.setContentLength((int) myFile.length());
    OutputStream out = null;
    FileInputStream fis = null;
    try {
        out = response.getOutputStream();
        fis = new FileInputStream(myFile);
        byte[] b = new byte[8192];
        int n;
        // Copy the file, writing only the bytes actually read
        while ((n = fis.read(b)) != -1) {
            out.write(b, 0, n);
        }
        out.flush();
        out.close();
    } catch (Exception e) {
        throw new DownloadException("Erro ao enviar arquivo para o stream de download.");
    } finally {
        if (fis != null) {
            try { fis.close(); } catch (IOException ignored) { }
        }
        FacesContext.getCurrentInstance().responseComplete();
    }
    You can see that I do not send those headers in this code.
    Here, is the headers sent to IE when i use https.
    HTTP/1.x 200 OK
    Date: Wed, 07 May 2008 17:40:28 GMT
    Server: Oracle-Application-Server-10g/10.1.2.0.2 Oracle-HTTP-Server
    Pragma: no-cache
    Cache-Control: no-store
    Surrogate-Control: no-store
    Expires: Thu, 01 Jan 1970 12:00:00 GMT
    Content-Length: 5208
    Set-Cookie: JSESSIONID=ac1002292008f788e14d0d6e40c29f3185f2fc72e5b9.e3eTb3mTb3yKe34SbhqOaxyTe6fznA5Pp7ftnR9Jrl0; path=/actcers; secure
    content-disposition: attachement; filename="file.pfx"
    Keep-Alive: timeout=15, max=74
    Connection: Keep-Alive
    Content-Type: application/x-download
    I hope that someone can help me.
    Thanks
    Message was edited by:
    user635088

    Hi!
    I don't have a solution for you, just a few ideas =)
    You can check what headers response contains with
    response.containsHeader( "your_header_here");
    http://java.sun.com/j2ee/sdk_1.2.1/techdocs/api/javax/servlet/http/HttpServletResponse.html#containsHeader(java.lang.String)
    after that you could set/overwrite those headers that you don't like with, for example:
    response.setHeader("Cache-control", "no-cache,max-age=0,must-revalidate");
    Apparently Pragma and Cache-control headers should be used in pair, as noted here
    http://curl.haxx.se/mail/archive-2005-12/0003.html
    quote:"The author of Bad Behavior points out that RFC2616 requires that a
    Pragma: header to be accompanied by a Cache-Control: header. From what I
    see, it only says "SHOULD" (in section 14.32), but that is still a
    strong recommendation and something to be considered, IMHO."
    I'm a bit sceptical about you needing to cache the file, but if you feel strong about it, you could read this
    http://www.mnot.net/cache_docs/#META
    If you're working on SSL there is supposed to be some kind of validation, certificate or something like that. IE6 and 7 both have strong security measures in these regards. Maybe you should look something up in that direction.
    Hope I helped.

  • Default security context for signed applets using WinXP+IE8

    What is the default security context for signed applets from the internet zone using Java 6 and WinXP+IE8 combination? My guess is that all file and socket access available for the user's Windows account is provided to the applet as well. Is this correct and if so, is there a way to limit these access privileges for signed applets from the internet zone?
    This information is surprisingly difficult to find given how security conscious people now are using the internet.

    AntonBoer wrote:
    > Thank you for your swift reply.
    > Unfortunately your answer reflects my worst fears. Frankly I find this security model naive. Anyone with euros can get their applet signed so that is no security control at all.
    The same naive security model applies to just about anything signed and downloaded; not just to Java Applets.
    > Working for a corporate IT how I am supposed to allow Java installations on any of our computers with internet access? That automatically means I am providing them as platforms to whoever wishes to run Java code on them (given that the user of course visits the web site). I would have expected Sun to put more effort into this but it appears nothing has changed in this regard for 10 years.
    I don't see this as a Sun problem; it is indicative of what I consider to be a general security weakness for all computer systems. For example, for Windows, Vista just added more user involvement in the trust process but it still allows programs to run pretty much unconstrained if the user agrees to them running.
    For some time I have advocated a more fine grained approach. I would like to see ALL programs run in a sandbox that a user can specify what and what cannot be done by each individual program. Unfortunately, this would annoy the hell out of most users so it has little chance of ever being accepted. The average user just wants a run-and-forget-about-security model.

  • Signed Applet - Using same alias while development

    Hi,
    I am working on Embedded Java Signed Applet. My applet using the TCP/IP thus required to load each time to my Lantronix XPort.
    The problem is, every time I change something in the applet, I need to run the following commands again and finally load to Lantronix XPort.
    And every time, I required to change the alias name i.e. signapplet17 in the following commands.
    Is there any easy way while developing the signed applet
    e.g. we can use the same alias name each time i.e. signapplet1 ( I reached to signapplet17)
    Or we can avoid the following commands while developing.
    jar cmf mainClass.txt DataMain.jar *.class
    : Generate key pairs
    keytool -genkey -alias signapplet17 -keystore mykeystore -keypass mykeypass -storepass mystorepass
    : Sign the JAR file
    jarsigner -keystore mykeystore -storepass mystorepass -keypass mykeypass -signedjar SDataMain.jar DataMain.jar signapplet17
    : Export the public key certificate
    keytool -export -keystore mykeystore -storepass mystorepass -alias signapplet17 -file mycertificate.cer
    Thanks.

    This is my code that i use to read the graph:
    private Graph<Integer, Integer> loadGraph(int year, String type) {
        String graph_dir = ProjectDir.data_dir + "input/Network/vt_kn." + year + "-" + year + "/";
        String graph_name = "vt_kn." + year + "-" + year + ".intern." + type;
        Graph<Integer, Integer> graph = new UndirectedSparseMultigraph<Integer, Integer>();
        try {
            // Read the GraphML file into the graph
            GraphMLReader<Graph<Integer, Integer>, Integer, Integer> gmlReader
                    = new GraphMLReader<Graph<Integer, Integer>, Integer, Integer>();
            gmlReader.load(graph_dir + graph_name + ".graphml", graph);
        } catch (Exception e) {
            e.printStackTrace();
        }
        System.out.println("loaded: " + graph_name);
        return graph;
    }
    public class ProjectDir {
        public static final String data_dir = "F:/Apache/Tomcat 6.0/webapps/ROOT/app/Data/";
        public static final String script_dir = "../Script/";
        //F:/Apache/Tomcat 6.0/webapps/ROOT/VT/data/
    }
    Could you tell me how i could change this code so that i can load from a url instead of a file?

  • Please HELP!!! Signed Applet .. Printing Problem..

    Hi.. I wrote a signed applet that would send info to the client's printer.. I have it working in the appletviewer.. but when I try to send something through the IE, it complains about missing java.awt.print package.. anyone had any problems with printing .. Please help..

    give more detail!

  • Web Proxy Server 3.6 with Administration Server using SSL connection

    In your manual: Administrator's Guide Sun™ ONE Web Proxy Server Version 3.6 SP3 for UNIX you wrote:
    You should also make the administrative connection a mandatory SSL connection
    Instead of using http://servername:port_number
    I need to use:
    https://servername:port_number
    How can I do that?
    Thanx
    Gian Mario

    HI
    To enable https for the admin,
    Create a certificate for the proxy admin
    Next, from 'Admin Preferences', click on 'Encryption on/off'
    From the 'Encryption on/off' screen that appears, click on the 'on' radio button. Select the certificate from the alias list and click on OK to enable encryption for the certificate you have installed for your admin server.
    Now restart your admin server.
    You will now be able to connect to your admin using https
    Thanks
    Nagendra HK

  • Signed Applet able to connect to distant webservice?

    Hello :)
    I was wondering if an applet would be able to connect to a web service located on a distant server (Axis 1.3). I have signed the applet but it still doesn't work...
    Architecture:
    Signed Applet >> Axis 1.3 web service >> MySQL requests
    Is it possible without editing the java.policy file on each client machine?
    If the answer is no, would it be better to change my architecture by the following one ? :
    Signed Applet >> Servlet >> Axis 1.3 web service >> MySQL requests
    Thanks in advance for your help!
    Bye

    I'll try to explain a bit more what I am doing out there. It's just a test applet to gather information with forms. When the user is done filling the forms, he clicks send.
    The applet connects to an axis web service which connects to a MySQL databases and create the user account with the user informations filled in the applet.
    Tell me if you need to know more about it. Here is the exception:
    Exception in thread "AWT-EventQueue-2" java.lang.ExceptionInInitializerError
         at org.apache.commons.discovery.jdk.JDKHooks.<clinit>(JDKHooks.java:75)
         at org.apache.commons.discovery.tools.DiscoverSingleton.find(DiscoverSingleton.java:412)
         at org.apache.commons.discovery.tools.DiscoverSingleton.find(DiscoverSingleton.java:378)
         at org.apache.axis.components.logger.LogFactory$1.run(LogFactory.java:45)
         at java.security.AccessController.doPrivileged(Native Method)
         at org.apache.axis.components.logger.LogFactory.getLogFactory(LogFactory.java:41)
         at org.apache.axis.components.logger.LogFactory.<clinit>(LogFactory.java:33)
         at org.apache.axis.handlers.BasicHandler.<clinit>(BasicHandler.java:43)
         at org.apache.axis.client.Service.getAxisClient(Service.java:103)
         at org.apache.axis.client.Service.<init>(Service.java:112)
         at creation.CreationCompte.ok_actionPerformed(CreationCompte.java:131)
         at creation.CreationCompte$CreationCompte_ok_actionAdapter.actionPerformed(CreationCompte.java:338)
         at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
         at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
         at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
         at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
         at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
         at java.awt.Component.processMouseEvent(Unknown Source)
         at javax.swing.JComponent.processMouseEvent(Unknown Source)
         at java.awt.Component.processEvent(Unknown Source)
         at java.awt.Container.processEvent(Unknown Source)
         at java.awt.Component.dispatchEventImpl(Unknown Source)
         at java.awt.Container.dispatchEventImpl(Unknown Source)
         at java.awt.Component.dispatchEvent(Unknown Source)
         at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
         at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
         at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
         at java.awt.Container.dispatchEventImpl(Unknown Source)
         at java.awt.Component.dispatchEvent(Unknown Source)
         at java.awt.EventQueue.dispatchEvent(Unknown Source)
         at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)
         at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
         at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
         at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
         at java.awt.EventDispatchThread.run(Unknown Source)
    Caused by: java.security.AccessControlException: access denied (java.lang.RuntimePermission createClassLoader)
         at java.security.AccessControlContext.checkPermission(Unknown Source)
         at java.security.AccessController.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkPermission(Unknown Source)
         at java.lang.SecurityManager.checkCreateClassLoader(Unknown Source)
         at java.lang.ClassLoader.<init>(Unknown Source)
         at org.apache.commons.discovery.jdk.PsuedoSystemClassLoader.<init>(PsuedoSystemClassLoader.java:73)
         at org.apache.commons.discovery.jdk.JDK12Hooks.findSystemClassLoader(JDK12Hooks.java:215)
         at org.apache.commons.discovery.jdk.JDK12Hooks.<clinit>(JDK12Hooks.java:73)
         ... 35 more

  • Applet(using SSL sockets) application in browser

    hello everyone,
    I am new to this forum, and this is my first forum in this site, please help me,
    My problem is,
    I have done an applet application which uses the SSL sockets, and it is working fine if i use the appletviewer tool, with the arguments of policy and URL, when i run this command "appletviewer -J-Djava.security.policy=mypolicy.policy URL of my html page" in the command mode its working fine.
    I have written an HTML file for running the applet, and when I used it in the browser I was not able to get output, I was getting the error "NoTrustedCertificates found". I have set the properties of truststore and password in the program itself like,
    System.setProperty("javax.net.ssl.trustStore", System.getProperty("java.home")+"cert");
    System.setProperty("javax.net.ssl.trustStorePassword", "pwd");
    and i also used the policy tool. I have stored my certificate along with the jar file, and i was getting this error
    can anyone please help me, or suggest me the right way to reach my target.
    Thanx in advance

    Hai,
    I have made my client applet running from the remote system, and the client was establishing SSL sockets, and there is a problem in Handshake, NO TRUSTED CERTIFICATE found was the error, and I had loaded the certificates ( one is used for signing the certificate, and the other is used for the SSL sockets authentication ). In my applet client code I have set the system properties like
    System.setProperty("javax.net.ssl.trustStore", System.getProperty("java.home")+"\\lib\\security\\cert");
    System.setProperty("javax.net.ssl.trustStorePassword", "pwd");
    and this is the certificate which is used for SSL sockets authentication, and I stored the cert in the "jre\lib\security\" directory, and I'm using the jdk1.4.2_05 version.
    At the client side the error is
    Network Error: sun.security.validator.ValidatorException: No trusted certificate found.
    at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
    at java.io.OutputStream.write(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Caused by: sun.security.validator.ValidatorException: No trusted certificate found
    at sun.security.validator.SimpleValidator.buildTrustedChain(Unknown Source)
    at sun.security.validator.SimpleValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
    At the server side the error is
    javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
    at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(Unknown Source)
    at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.b(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(Unknown Source)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
    at com.ClientNeg.run(ClientNeg.java:76)
    at java.lang.Thread.run(Unknown Source)
    i was not able to understand what went wrong , so any one please help me in doing my work.
    Thanx
    dwurity
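
    A way to check what a JSSE client actually finds at the javax.net.ssl.trustStore locations used in the two posts above, as an added Java example (not the poster's code). TrustStoreCheck and inspect are hypothetical names; the file name "cert" and the password "pwd" are taken from the posts. When the file named by the property does not exist, JSSE falls back to an empty trust store rather than failing, which surfaces later as "No trusted certificate found".

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

/**
 * Added example: reports what is present at a trust store location.
 * The paths and the password in main() are sample values from the posts.
 */
public class TrustStoreCheck {

    /** Returns one line per finding for the trust store at the given path. */
    static List<String> inspect(File store, char[] password) {
        List<String> report = new ArrayList<String>();
        report.add("trust store: " + store.getAbsolutePath());
        if (!store.isFile()) {
            // JSSE does not fail at this point; it continues with an empty trust store.
            report.add("  PROBLEM: no such file");
            return report;
        }
        try (InputStream in = new FileInputStream(store)) {
            KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(in, password);
            int certEntries = 0;
            for (String alias : Collections.list(ks.aliases())) {
                if (!ks.isCertificateEntry(alias)) {
                    report.add("  key entry (not a certificate entry): " + alias);
                    continue;
                }
                certEntries++;
                Certificate cert = ks.getCertificate(alias);
                if (cert instanceof X509Certificate) {
                    X509Certificate x509 = (X509Certificate) cert;
                    report.add("  certificate entry: " + alias + " -> "
                            + x509.getSubjectX500Principal().getName()
                            + " (expires " + x509.getNotAfter() + ")");
                } else {
                    report.add("  certificate entry: " + alias);
                }
            }
            if (certEntries == 0) {
                report.add("  PROBLEM: the store holds no certificate entries");
            }
        } catch (IOException e) {
            // Raised for a wrong password and for files that are not keystores,
            // for example a bare .cer/.der certificate copied into the directory.
            report.add("  PROBLEM: not a readable keystore: " + e.getMessage());
        } catch (GeneralSecurityException e) {
            report.add("  PROBLEM: keystore could not be processed: " + e.getMessage());
        }
        return report;
    }

    public static void main(String[] args) {
        String home = System.getProperty("java.home");
        char[] password = "pwd".toCharArray(); // password used in the posts
        List<File> candidates = new ArrayList<File>();
        if (args.length > 0) {
            candidates.add(new File(args[0])); // optional: a path to check instead
        }
        // First post: java.home + "cert" has no separator, giving "<java.home>cert".
        candidates.add(new File(home + "cert"));
        // Second post: <java.home>\lib\security\cert, built without hard-coded separators.
        candidates.add(new File(new File(new File(home, "lib"), "security"), "cert"));
        for (File candidate : candidates) {
            for (String line : inspect(candidate, password)) {
                System.out.println(line);
            }
        }
    }
}
```

    A certificate only counts once it has been imported into a keystore file (for example with keytool -import) and the property points at that keystore, not at the certificate file itself.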

  • Safari, AppStore, iTunes SSL Connection Problems

    I am using a mid 2011 iMac with Mavericks 10.9.5 installed.
    Safari Version 7.1 (9537.85.10.17.1)
    AppStore Version 1.3 (201.7)
    iTunes Version 11.4
    I noticed today the following problem. From Safari I was not able to browse to www.google.com. After some time Safari says that it cannot init a secure connection to the server. This is also the case for www.apple.com. Then I tried FireFox but everything works fine there. Also when I want to start the AppStore App then it requires quite some time to load. If I click on the tab to see my purchases then nothing happens at first sight but then after some time this site looks quite strange. Almost like it was not able to load the full content. For iTunes nothing happens if I want to go to the iTunes Store.
    In the logs for iTunes there are many entries of the form:
    iTunes[604]: Failed to create replacement string
    When Safari has problems there occurs this entry in the log:
    com.apple.WebKit.WebContent[545]: CFNetwork SSLHandshake failed (-9806)
    com.apple.WebKit.WebContent[545]: NSURLConnection/CFURLConnection HTTP load failed (kCFStreamErrorDomainSSL, -9806)
    I tried a PRAM reset. Also in the recovery mode Safari I am not able to open these websites. I tried to delete the caches of ocspd and crl in /var/db/crls. Also I tried to delete the caches in Library/Caches/com.apple.Safari and com.apple.storeagent.
    Anybody has an idea?

    This could be a complicated problem to solve, as there are several possible causes for it.
    Back up all data, then take each of the following steps that you haven't already taken. Stop when the problem is resolved.
    Step 1
    From the menu bar, select
               ▹ System Preferences... ▹ Date & Time
    Select the Time Zone tab in the preference pane that opens and check that the time zone matches your location. Then select the Date & Time tab. Check that the date and time shown (including the year) are correct, and correct them if not.
    Check the box marked 
              Set date and time automatically
    if it's not already checked, and select one of the Apple time servers from the menu next to it.
    Step 2
    Triple-click anywhere in the line below on this page to select it:
    /System/Library/Keychains/SystemCACertificates.keychain
    Right-click or control-click the highlighted line and select
              Services ▹ Show Info
    from the contextual menu.* An Info dialog should open. The dialog should show "You can only read" in the Sharing & Permissions section.
    Repeat with this line:
    /System/Library/Keychains/SystemRootCertificates.keychain
    If instead of the Info dialog, you get a message that either file can't be found, reinstall OS X.
    *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. Open a TextEdit window and paste into it by pressing command-V. Select the line you just pasted and continue as above.
    Step 3
    Launch the Keychain Access application in any of the following ways:
    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
    ☞ Open LaunchPad. Click Utilities, then Keychain Access in the icon grid.
    In the upper left corner of the window, you should see a list headed Keychains. If not, click the button in the lower left corner that looks like a triangle inside a square.
    In the Keychains list, there should be items named System and System Roots. If not, select
              File ▹ Add Keychain
    from the menu bar and add the following items:
    /Library/Keychains/System.keychain
    /System/Library/Keychains/SystemRootCertificates.keychain
    Open the View menu in the menu bar. If one of the items in the menu is
              Show Expired Certificates
    select it. Otherwise it will show
              Hide Expired Certificates
    which is what you want.
    From the Category list in the lower left corner of the window, select Certificates. Look carefully at the list of certificates in the right side of the window. If any of them has a blue-and-white plus sign or a red "X" in the icon, double-click it. An inspection window will open. Click the disclosure triangle labeled Trust to disclose the trust settings for the certificate. From the menu labeled
              Secure Sockets Layer (SSL)
    select
              no value specified
    Close the inspection window. You'll be prompted for your administrator password to update the settings.
    Now open the same inspection window again, and select
              When using this certificate: Use System Defaults
    Save the change in the same way as before.
    Revert all the certificates with non-default trust settings. Never again change any of those settings.
    Step 4
    Select My Certificates from the Category list. From the list of certificates shown, delete any that are marked with a red X as expired or invalid.
    Export all remaining certificates, delete them from the keychain, and reimport. For instructions, select
              Help ▹ Keychain Access Help
    from the menu bar and search for the term "export" in the help window. Export each certificate as an individual file; don't combine them into one big file.
    Step 5
    From the menu bar, select
              Keychain Access ▹ Preferences... ▹ Certificates
    There are three menus in the window. Change the selection in the top two to Best attempt, and in the bottom one to CRL.
    Step 6
    Triple-click anywhere in the line of text below on this page to select it:
    /var/db/crls
    Copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
              Go ▹ Go to Folder...
    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
    A folder named "crls" should open. Move all the files in that folder to the Trash. You’ll be prompted for your administrator login password.
    Restart the computer, empty the Trash, and test.
    Step 7
    Triple-click anywhere in the line below on this page to select it:
    open -e /etc/hosts
    Copy the selected text to the Clipboard by pressing the key combination command-C.
    Launch the built-in Terminal application in any of the following ways:
    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
    ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
    Paste into the Terminal window by pressing command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting. A TextEdit window should open. At the top of the window, you should see this:
    # Host Database
    # localhost is used to configure the loopback interface
    # when the system is booting.  Do not change this entry.
    127.0.0.1                              localhost
    255.255.255.255          broadcasthost
    ::1                                        localhost
    fe80::1%lo0                    localhost
    If that's not what you see, post the contents of the window.

  • Not able to connect with managed server using ssl connection

    Hi Guys,
    My WebLogic server is running on Linux. I have set up an SSL connection by using Demo Identity and Demo Trust. In the server logs I can find the following information that the server is running on the secure port.
    But once I try to connect to the managed server using a client, I am facing the error below:
    <May 27, 2013 2:55:00 PM IST> <Info> <Security> <BEA-090905> <Disabling CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true>
    <May 27, 2013 2:55:00 PM IST> <Info> <Security> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true>
    <May 27, 2013 2:55:00 PM IST> <Info> <Security> <BEA-090908> <Using default WebLogic SSL Hostname Verifier implementation.>
    javax.naming.CommunicationException [Root exception is java.net.ConnectException: t3s://host:port: Destination unreachable; nested exception is:
         javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination]
         at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:40)
         at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:767)
         at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:366)
         at weblogic.jndi.Environment.getContext(Environment.java:315)
         at weblogic.jndi.Environment.getContext(Environment.java:285)
         at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
         at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:684)
         at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:307)
         at javax.naming.InitialContext.init(InitialContext.java:242)
         at javax.naming.InitialContext.<init>(InitialContext.java:216)
         at com.akt.client.WLCLIENT.makeConnection(WLCLIENT.java:40)
         at com.akt.client.WLCLIENT.main(WLCLIENT.java:60)
    Caused by: java.net.ConnectException: t3s://host:port: Destination unreachable; nested exception is:
         javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination
         at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:216)
         at weblogic.rjvm.RJVMFinder.findOrCreate(RJVMFinder.java:170)
         at weblogic.rjvm.ServerURL.findOrCreateRJVM(ServerURL.java:165)
         at weblogic.jndi.WLInitialContextFactoryDelegate$1.run(WLInitialContextFactoryDelegate.java:345)
         at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
         at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:146)
         at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:340)
         ... 9 more
    Caused by: java.rmi.ConnectException: Destination unreachable; nested exception is:
         javax.net.ssl.SSLHandshakeException: General SSLEngine problem; No available router to destination
         at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:470)
         at weblogic.rjvm.ConnectionManager.bootstrap(ConnectionManager.java:321)
         at weblogic.rjvm.RJVMManager.findOrCreateRemoteInternal(RJVMManager.java:260)
         at weblogic.rjvm.RJVMManager.findOrCreate(RJVMManager.java:197)
         at weblogic.rjvm.RJVMFinder.findOrCreateRemoteServer(RJVMFinder.java:238)
         at weblogic.rjvm.RJVMFinder.findOrCreateInternal(RJVMFinder.java:200)
         ... 15 more
    But in the server logs I can see the message below:
    opt/Oracle/Middleware/wlserver_12.1/server/lib/DemoIdentity.jks.>
    <May 27, 2013 2:47:06 PM IST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /opt/Oracle/Middleware/wlserver_12.1/server/lib/DemoTrust.jks.>
    <May 27, 2013 2:47:06 PM IST> <Notice> <Security> <BEA-090169> <Loading trusted certificates from the jks keystore file /opt/jdk1.7.0_21/jre/lib/security/cacerts.>
    <May 27, 2013 2:47:06 PM IST> <Notice> <Server> <BEA-002613> <Channel "DefaultSecure" is now listening on hostname:port for protocols iiops, t3s, ldaps, https.>
    <May 27, 2013 2:47:06 PM IST> <Notice> <WebLogicServer> <BEA-000332> <Started the WebLogic Server Managed Server "Server-Test" for domain "base_domain" running in development mode.>
    Please suggest
    Edited by: 1008140 on May 27, 2013 2:37 AM

    Welcome to OTN
    This section is related to Database questions, not Fusion Middleware. Post your question in
    Oracle Discussion Forums » Fusion Middleware

  • Applet using socket connection always go through proxy server

    Socket connection with socks always go through proxy server
    We have two applets in different codebases using sockets to talk to each other. Until now nothing new, but the problem is that we are behind a proxy server with SOCKS, and because of that the connection always goes through the proxy server, even with the proxy override pointing to the applet machine. We have tried a lot of things and until now nothing has worked; it looks like the socket is ignoring the proxy override configuration. We would like to know if there is a way to solve this problem, making the applets communicate with each other while ignoring the proxy server. It should happen when we set the plug-in option to "no proxy host", but it doesn't. Maybe it can be a bug of the JVM, I don't know, just maybe, and if it's true, any other good idea would be welcome as well.
    Thanks in advance.

    Hi,
    I am not very sure if I can help you. In my previous experience, once you set the system property to use the proxy, the JVM uses the proxy. If you want to disable it, you have to disable it in your code,
    like
    System.setProperty("socksProxyHost", "someHost");
    Properties props = System.getProperties();
    props.remove("socksProxyHost");
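
The reply above changes a JVM-wide system property, which affects every other connection in the same JVM. As an added example (not code from the thread), the sketch below bypasses the proxy for a single socket with the standard `java.net.Socket(Proxy)` constructor and `Proxy.NO_PROXY`; the class name, `proxy.example`, `peer.example` and the port numbers are placeholders.

```java
import java.io.IOException;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.URI;
import java.util.List;

public class DirectSocketDemo {

    // Connect without consulting socksProxyHost or the default ProxySelector.
    // Only this socket is affected; JVM-wide proxy settings stay as configured.
    static Socket connectDirect(String host, int port, int timeoutMs) throws IOException {
        Socket s = new Socket(Proxy.NO_PROXY);
        try {
            s.connect(new InetSocketAddress(host, port), timeoutMs);
            return s;
        } catch (IOException e) {
            s.close();
            throw e;
        }
    }

    // What the JVM would pick for an ordinary new Socket(host, port).
    static List<Proxy> defaultRoute(String host, int port) {
        return ProxySelector.getDefault().select(URI.create("socket://" + host + ":" + port));
    }

    public static void main(String[] args) throws Exception {
        // Constructed setup: a SOCKS setting like the one the plug-in or a
        // -DsocksProxyHost option would install (host and port are placeholders).
        System.setProperty("socksProxyHost", "proxy.example");
        System.setProperty("socksProxyPort", "1080");

        // peer.example is a placeholder for the machine hosting the other applet.
        System.out.println("default route: " + defaultRoute("peer.example", 4000));

        // Local listener stands in for the other applet so the demo runs offline.
        try (ServerSocket peer = new ServerSocket(0);
             Socket direct = connectDirect("127.0.0.1", peer.getLocalPort(), 2000)) {
            System.out.println("direct socket connected: " + direct.isConnected());
        }
    }
}
```

Printing `defaultRoute(...)` for the real peer address shows whether the proxy override is being honoured before any connection is attempted.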

  • CustomAction using SSL Connection [TrustStore]

    Hi community,
    we've developed a custom action  that connects over WebDAV and HTTPS to retrieve a file.
    Now we have the problem that we need to trust the ssl certificate of the WebDAV server.
    We installed the certificate with java keytool to the MII jre/lib/security/cacerts file, but it seems that MII takes another
    default TrustStore?
    When I explicitly set the mentioned cacert file through the setProperty Java method
    System.setProperty("javax.net.ssl.trustStore",<path to cacert file>);
    it works?
    Anybody out there facing a similar problem?
    regards
    Markus

    I have found a solution for a similar problem. Check out http://java.sun.com/j2se/1.4.1/docs/guide/security/jsse/JSSERefGuide.html#Troubleshooting
