WLS70 SSL encrypted keys and Certificate Request Generator

Similar Messages

• PKCS#11 Provider unable to fetch asymmetric keys and certificates

  Hi,
  I'm facing a problem while getting keys and certificate from Eracom HSM (ProtectServer Orange:38039 Model: PSO:PL50) using Sun PKCS#11 Provider. It gets only the symmetric keys but NEVER gets the asymmetric keys.
  My code snippet and configuration file are:
       Java Code:
       java.io.InputStream is = new java.io.FileInputStream("pkcs11.cfg");
  sun.security.pkcs11.SunPKCS11 pkcs11_provider = new sun.security.pkcs11.SunPKCS11(is);
  System.out.println("Provider Name : " + pkcs11_provider.getName());
  java.security.Security.addProvider(pkcs11_provider);
  KeyStore ks = KeyStore.getInstance("PKCS11", pkcs11_provider);
  ks.load(null, "password".toCharArray());
  java.util.Enumeration obj_enumeration = ks.aliases();
  while (obj_enumeration.hasMoreElements()) {
  String str_certAlias = (String) obj_enumeration.nextElement();
  System.out.println("Alias : " + str_certAlias);
       pkcs11.cfg:
       name = Eracom
       library = G:\Eracom\cryptoki.dll
       slot = 0
       attributes(*, CKO_PRIVATE_KEY, *) = {
       CKA_TOKEN = false
       CKA_SENSITIVE = false
       CKA_EXTRACTABLE = true
       CKA_DECRYPT = true
       CKA_SIGN = true
       CKA_SIGN_RECOVER = true
       CKA_UNWRAP = true
       attributes(*, CKO_PUBLIC_KEY, *) = {
       CKA_ENCRYPT = true
       CKA_VERIFY = true
       CKA_VERIFY_RECOVER = true
       CKA_WRAP = true
  I also ran my program without specifying any attributes in configuration file, also tried many other combination, but in all cases (with or without attributes) only symmetric keys are loaded from HSM. I am able to get all keys (symmteric and asymmteric) and certificates from the same HSM using IAIK PKCS#11 Provider. Though, the Sun PKCS#11 Provider is working fine with SmartCard tokens (Rainbow, Alladin etc.)
  Any help to resolve my problem would be highly appreciated.
  Thanks in advance.

  I recently had a problem with ECDSA and the PKCS#11 library of nCipher. Here's info from one of their engineers about the PKCS11 library:
  "There are two separate issues - one is that our current pkcs11
  release doesn't support ECDSA signature with SHA-2 hashes
  (the v11.00 firmware adds support for it, but the main release version of
  the pkcs11 library hasn't been updated to take advantage of it yet).
  There is a hotfix version that does support SHA-2 hashes with some
  restrictions, talk to [email protected] for details, and V11.10
  should be out soon and have that merged in.
  But the issue with setting CKA_SIGN is that our underlying HSM API
  allows elliptic curve keys to be either key exchange (ECDH) or
  signature (ECDSA) keys, but not both at one.
  At the PKCS #11 level, if you specify CKA_DERIVE=true and let
  CKA_SIGN default, it will default to false, and vice versa.
  If you specify both CKA_DERIVE=true and CKA_SIGN=true, then we
  return CKR_TEMPLATE_INCONSISTENT because we can't do both with
  the same key. (However, the tests using C_GetMechanismInfo will
  show that we can do both mechanisms, because we can - so long
  as you use different keys, even though they have the same PKCS#11
  type.)
  I can't comment on when or how that will be changed."
  I was using the PKCS#11 library through NSS when I ran into the problem, but I imagine Java would run into similar problems also using the PKCS#11 library. I was able to generate keypairs but not create a CSR (which required making a signature, which required SHA-2).
  Can you just use the java classes to speak to the netHSM? I've never directly written code to do so myself, but I have used Corestreet's OCSP product that uses the java classes to speak to the nCipher HSMs (though not using EC). It might work better than going through the PKCS#11 layer. There should be a java directory under NFAST_HOME that contains some jars.
  Please post back if you figure anything out as I'll probably be playing with this stuff myself soon.
  Dave

• Replacing SSL keys and certificates for already defined services

  I have about 10 new 2048-bit keys and certs to replace existing 1024 bit keys and certs on my CSS11500 with SSL modules.
  I'm trying to figure out my options, now that I've got the files SFTP'ed to the CSS.
  I can create a new startup-config file for the CSS with the new files referenced by the SSL associate commands in the startup-config. This will require a reboot (not desired).
  I can come up with new associations for the new files, then suspend the ssl-proxy-list and edit it to use the new associations. This doesn't require a reboot but then I have to clear out the old associations before I can delete the old key/cert files.
  Is there any way to force the CSS to "overwrite" an existing SSL association without rebooting the CSS?

  "Clear file filename "password" commad will help you to clear SSL certificates and private keys from the CSS that are no longer valid.
  Please check if the below URL: could help:
  http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v7.40/command/reference/CmdGenA.html#wp1030153

• JSSE: keys and certificates

  1)What exactly is the difference between a key and a certificate?
  2)Can both be used by JSSE?
  3)How can I obtain a key?
  4)A private and a public key? are it two separate files or what is it?

  The first (and until so far only time) that I used SSL was with a webapplication, running on tomcat on SSL. Then I was told to generate a keystore with the keytool command and that was all and everything worked fine. You would have had to import a certificate from the server to the client's truststore. If you worked at the server end you would have had to generate a key and either a self-signed cert or the whole CSR, get it signed, re-import sequence. This is a bit more than just 'generate a keystore with the keytool command'.
  if you never heard about the keytoolAre you kidding me?
  1)So this keystore was then a self-signed-certificate or even not a certificate at all???keytool -genkey generates a private/public key pair. keytool -selfcert generates a self-signed certificate for that keypair. Nobody in the world will trust that certificate unless you export it from this keystore and import it into their truststore. By contrast, if you generate a CSR, get it signed by a well-known CA, and import the signed cert into the same keystore the CSR came from, everybody will trust that cert, because they already trust the CA. BTW these things aren't they keystore, they are in the keystore.
  2)The keystore contains thus a private and public key, which ensure integrity and confidentiality.... but NOT client and server autentication?The public/private key system can give you integrity and confidentiality. The X.509 certificate system can be used for authentication. They are different things.

• Need Help on How to Change The Encryption Key and or Change security settings

  Hello, i just installed the wireless router and i would like to know how i can change the encryption key or change the security settings (i want it so you do not have to answer it with a password). Thank you in advance.
  Message Edited by DARK_MARIO on 01-06-200706:10 PM

  Hi…
  In order to change the wireless settings of your router you need to login into the router configuration page. Open your internet explorer browser…in the address bar type http://192.168.1.1 ( Default IP address). Leave the username field balnk……type admin as password (If you have not changed the router password). When the setup page loads fully…..click on the tab that says wireless. Just below the main tab wireless ….click on the sub tab that says wireless security. You can Change the wireless security settings here. After the changes are made click on save settings.

• Resetting the encryption keys to default in Waveset

  Hi All,
  Is there a way to reset the default encryption keys on IDM?
  I was trying something and generated a new server encryption key and now I can't get my AD resource adapter to talk to the gateway.
  Any help would be highly appreciated.
  Thank You
  Vamsi

  Try finding the solution on http://www.encryptionkey.info/

• Spool request generated twice

  Dear all,
  I'm facing a very strange behavior while printing sales order confirmation from va01
  in SAP ECC5.0.
  I've got access sequences and condition records in order to print out immediately the form at saving, based on sales org/doc type.
  Among 3 different doc type, only one is wrongly output twice when saving, without any explanations : no messages number set up in communication no TDCOPIES , output type set up ok and so on...
  I really check around the whole things to find out a potential reason of this but without success.
  Other doc type call same smartforms and print program but correctly issue only one output.
  Where else could I look on to?
  Please advice.
  Regards.

  i know the table for spool request :  TSP01
  But how should i link it to background job name ?
  i want the link between background job name and spool request generated by it......
  TBTCPV is the view but it stores only one spool request.....rather than multiple spoolreq generated by background job..

• WEP Encryption Key not remembered when restarting the Equium M50-244

  I am running an Equium M50-244 Laptop, with a BT Home Hub 7838 wireless router. Nearly everytime I power up this notebook it has no wireless connection. I therefore have to go into Control Panel, Network Connections, and get it to find a new connection.
  Then have to type in WEP Encryption Key number twice to get a new connection.
  This is obviously a lengthy procedure so I need to get the Laptop to recognise the Encryption Key and store it for the next time I power on.
  I am running Windows XP Home with Service Pack 2, and a Norton Anti Virus and Firewall.
  Any help would be much appreciated
  Peter

  Hello
  I agree with Louis. Your WLAN cards support WPA encryption and, if possible, you should use it.
  Anyway: for WLAN configuration try to use Windows settings and defined WEP password should be remembered for your WLAN. I have configured it on many different notebooks and after choosing the listed WLAN the password was already defined and only thing that must be done is to click on button Connect.

• WHICH TABLE STORES SPOOL REQUEST GENERATED BY BACKGROUND JOB ?

  Background job is generating multiple request.
  i am not able to find the table which stores all the spool request for a particular background job.

  i know the table for spool request :  TSP01
  But how should i link it to background job name ?
  i want the link between background job name and spool request generated by it......
  TBTCPV is the view but it stores only one spool request.....rather than multiple spoolreq generated by background job..

• Encrypted pwd and login

  Dear,
  I created a user registration for and encrypted the password using sha1
  if ($pwdOK) {
          $_POST['pwd'] = sha1($_POST['pwd']);
  and for the login I used, this line of code right after the connection line to recognize the encrypted pwd as Dreamweaver doesn't do it on its own
  if (isset($_POST['pwd'])) { $_POST['pwd'] = sha1($_POST['pwd']);}
  but surprisingly, it is not working, I am being redirect to the error page instead, even though I am using both right user and password.
  Any one, has any idea how I can possibly solve this problem.
  Romeo

  Winners12,
  My 2cents (or 2 pence, if you like) ==> don't store passwords in the database, not even encrypted. Use some type of hashing algorithm to avoid the possibility of someone "stealing" your encryption key and getting into the database. Oracle provides a simple hashing algorithm in the DB (ora_hash). In my current app, I do all of the username/password checks in the database using a stored procedure and don't do any encrypt/decrypt/password check/etc in Java. If "over-the-wire" is an issue, you can encrypt the network traffic as well.
  This discussion may be relevant: http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:95412348059
  Otherwise, you can google around and find plenty of encryption/decryption examples for Java; nothing really specific to JDeveloper in that.
  Hope this helps,
  John

• CF 9.0.2 and Oracle - On update returns error "Auto-generated keys were not requested..."

  We have a simple update statement to Oracle 11g Database. When running the statement the data is not getting updated and we are getting an error "Auto-generated keys were not requested, or the SQL was not a simple INSERT statement. ErrorCode=0 SQLState=HY000". We found this error by dumping the SQL to a file.
  But most other Update statements are working fine.
  Also, the same statment works for Oracle 10g and Coldfusion 9.0.0.
  Any idea if this is a problem with Coldfusion or Oracle? Is there any resolution.
  I found the CF 8 had a similar issue and was fixed in a hotfix (http://helpx.adobe.com/coldfusion/kb/error-auto-generated-keys-requested.html).

  Hi,
  Thanks. I compiled my code using JDeveloper 10.1.2, didn't dare to use the latest. It works in 10g apps server. When I deployed to 9ias apps server, those weird errors showed up. Unfornately, our dev environment is at a newer version than the production one.
  So, you think the error is generated because I referenced some newer technologies that was not provided by 9ias?
  Jia

• WBL 7.0 and SSL private key problem

  Having generated certificate request, and associated private key, I obtained
  the corresponding server level certificate. I am having problems starting the
  server with the cert. I have configured my server appropriately, here is the SSL
  configuration from the domain config.xml
  <SSL Enabled="true" HostnameVerificationIgnored="true"
  ListenPort="8090" Name="SampleServer"
  ServerCertificateChainFileName="nasaca.pem"
  ServerCertificateFileName="mydomain-cert.pem"
  ServerKeyFileName="mydomain-key.pem"/>
  and I am using -Dweblogic.management.pkpassword=mypassword
  in the startup script, however I get :
  java.lang.Exception: Cannot read private key from file /usr/user_projects/Sample/mydomain-key.pem.
  Make sure password specified in environment property weblogic.management.pkpassword
  is valid.
  I have given the right password. So the question is why am I seeing the error
  I am running this server on Sun Solaris. The password contains the usual ascii
  characters, including shell special characters.
  Any way checking the private key file ?
  Also as we have seen problems with the particular certificate we get from the
  CA, I wanted to use "utils.ValidateCertChain", alas this documented utility is
  conveniently missing from weblogic.jar. Oh big blue, why didn't we go with you
  Seriously, please help
  Tarang

  Darkit,
  I have the same problem. Let me know if you find a solution to this problem.
  Thanks,
  Bharathi

• Problem Generating a certificate request

  I have a couple of Windows 2003 R2 SP2 servers hosting several instances of ADAM.  I am using certreq to generate the certificate requests for these servers so I can use SSL in connecting to ADAM but I am getting an error.  This is the request.inf I am using (pretty much straight from an MS article...) to generate the request...
  ;----------------- request.inf -----------------
  [Version]
  Signature="$Windows NT$
  [NewRequest]
  Subject = "CN=servername.childdomain.rootdomain.com" ; replace with the FQDN of the DC
  KeySpec = 1
  KeyLength = 1024
  ; Can be 1024, 2048, 4096, 8192, or 16384.
  ; Larger key sizes are more secure, but have
  ; a greater impact on performance.
  Exportable = TRUE
  MachineKeySet = TRUE
  SMIME = False
  PrivateKeyArchive = FALSE
  UserProtected = FALSE
  UseExistingKeySet = FALSE
  ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
  ProviderType = 12
  RequestType = PKCS10
  KeyUsage = 0xa0
  [EnhancedKeyUsageExtension]
  OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication
  I am using this command....  certreq -new request.inf request.req
  After hitting enter, it sits there for about 10 seconds and gives me this error back...
  Certificate Request Processor: Access is denied.  0x80070005 (WIN32: 5)
  [RequestAttributes]
  I have searched on this error and have not found much of anything on it.  This process seems to work fine on other servers that I have, but these two servers both generate this error.  Both servers are clean builds and only have ADAM installed on them.  I am a local admin on both servers so it doesn't appear that there should be any permission issues as implied by the error message. 
  Anyone have any ideas?
  Thanks!

  Hello Bryan,
  First of all, please make sure that the CA certificate is added into the Trusted Root certificate store on the servers. If the certificate web enrollment is enabled, please check how a certificate request works on that two server generate the error.
  Meanwhile, please verify the security permission on the MachineKeys directory:
  1.    Open Windows Explorer, and find the MachineKeys directory in the following location:
  Drive:\Documents and Settings\all users\Application Data\Microsoft\Crypto\RSA\MachineKeys
  2.    Right-click the directory, and click Properties.
  3.    Click the Security tab, and ensure that the full control permission for the Administrators
  How to: Change the Security Permissions for the MachineKeys Directory
  http://msdn.microsoft.com/en-us/library/bb909654.aspx
  Hope it helps.

• Use Sign.xml and Encrypt.xml for both request AND response within WSDL?

  Hi,
  ALSB: 2.6
  I was wandering if it's possible to use abstract outof the box WS-Policy file within WSDL file to specify encryption
  (Encrypt.xml) and digital signature(Sign.xml) with X509 for both request and response???
  So far, it only works for either request or response BUT not both. i.e. within WSDL file
  <!-- following WSDL works for encrypting and signing request with X509 in test console -->.....
  <wsdl:binding name="DexService2Soap" type="tns:DexService2Soap">
      <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
      <wsdl:operation name="Message">
              <soap:operation soapAction="urn:moe:dex:dexservice:2.0.0/Message" style="document" />
                            <wsdl:input>
                             <!-- WS-Policy file applied here -->
                           <wsp:Policy>
                                          <wsp:PolicyReference URI="policy:Sign.xml"/>
                                          <wsp:PolicyReference URI="policy:Encrypt.xml"/>
                                     </wsp:Policy>
                                   <soap:body use="literal" />
                             </wsdl:input>
                           <wsdl:output>
                                <soap:body use="literal" />
                             </wsdl:output>
      </wsdl:operation>
    </wsdl:binding>
             Or
  <!-- following WSDL works for encrypting and signing response with X509 in test console -->
  <wsdl:binding name="DexService2Soap" type="tns:DexService2Soap">
      <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
      <wsdl:operation name="Message">
              <soap:operation soapAction="urn:moe:dex:dexservice:2.0.0/Message" style="document" />
                            <wsdl:input>
                                   <soap:body use="literal" />
                             </wsdl:input>
                           <wsdl:output>
                                     <!-- WS-Policy file applied here -->
                                     <wsp:Policy>
                                          <wsp:PolicyReference URI="policy:Sign.xml"/>
                                          <wsp:PolicyReference URI="policy:Encrypt.xml"/>
                                     </wsp:Policy>
                                <soap:body use="literal" />
                             </wsdl:output>
      </wsdl:operation>
    </wsdl:binding>
  But not both
  <!-- following WSDL doesn't work for encrypting and signing both response and request with X509 in test console -->
  <wsdl:binding name="DexService2Soap" type="tns:DexService2Soap">
      <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
      <wsdl:operation name="Message">
              <soap:operation soapAction="urn:moe:dex:dexservice:2.0.0/Message" style="document" />
                            <wsdl:input>
                                      <!-- WS-Policy file applied here -->
                                     <wsp:Policy>
                                          <wsp:PolicyReference URI="policy:Sign.xml"/>
                                          <wsp:PolicyReference URI="policy:Encrypt.xml"/>
                                     </wsp:Policy>
                                   <soap:body use="literal" />
                             </wsdl:input>
                           <wsdl:output>
                                     <!-- WS-Policy file applied here -->
                                     <wsp:Policy>
                                          <wsp:PolicyReference URI="policy:Sign.xml"/>
                                          <wsp:PolicyReference URI="policy:Encrypt.xml"/>
                                     </wsp:Policy>
                                <soap:body use="literal" />
                             </wsdl:output>
      </wsdl:operation>
    </wsdl:binding>
  ...      Instead, I got error message like
  <15/01/2008 10:15:04 AM NZDT> <Error> <ALSB Security> <BEA-387023> <An error ocurred during web service security inbound response processing [error-code: Fault
  , message-id: 3917705281899426819-4368b1eb.117762cff6e.-7fdb, proxy: DexServiceX509-Stub/Proxy Services/DexServiceX509-ProxyService, operation: Message]
  --- Error message:
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header/><soapenv:Body><soapenv:Fault><faultcode>soapenv:Server</faultcode>
  <faultstring>Failed to get token for tokenType: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</faultstring></soapenv:Fa
  ult></soapenv:Body></soapenv:Envelope>
  weblogic.xml.crypto.wss.WSSecurityException: Failed to get token for tokenType: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#
  X509v3
  at weblogic.xml.crypto.wss.SecurityBuilderImpl.addEncryption(SecurityBuilderImpl.java:308)
  at weblogic.wsee.security.wss.SecurityPolicyDriver.processConfidentiality(SecurityPolicyDriver.java:280)
  at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:75)
  at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:64)
  at weblogic.wsee.security.WssServerHandler.processOutbound(WssServerHandler.java:86)
  Truncated. see log file for complete stacktrace
  >
  <15/01/2008 10:15:24 AM NZDT> <Error> <com.bea.weblogic.kernel> <000000> <Failed to build CertPath
  java.security.cert.CertPathBuilderException: [Security:090603]The certificate chain is invalid because it could not be completed. The trusted CAs did not inclu
  de CN=x509,OU=x509,O=x509,L=Wellington,ST=Wellington,C=NZ.
  at weblogic.security.providers.pk.WebLogicCertPathProviderRuntimeImpl$JDKCertPathBuilder.engineBuild(WebLogicCertPathProviderRuntimeImpl.java:669)
  at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
  at com.bea.common.security.internal.legacy.service.CertPathBuilderImpl$CertPathBuilderProviderImpl.build(CertPathBuilderImpl.java:67)
  at com.bea.common.security.internal.service.CertPathBuilderServiceImpl.build(CertPathBuilderServiceImpl.java:86)
  at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
          Truncated. see log file for complete stacktrace
  >
  <15/01/2008 10:15:24 AM NZDT> <Error> <ALSB Security> <BEA-387022> <An error ocurred during web service security inbound request processing [error-code: Fault,
  message-id: 3917705281899426819-4368b1eb.117762cff6e.-7fd8, proxy: DexServiceX509-Stub/Proxy Services/DexServiceX509-ProxyService, operation: null]
  --- Error message:
  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header/><soapenv:Body><soapenv:Fault xmlns:wsse="http://docs.oasis-open.or
  g/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><faultcode>wsse:InvalidSecurityToken</faultcode><faultstring>Security token failed to validate. weblo
  gic.xml.crypto.wss.SecurityTokenValidateResult@3c5347b[status: false][msg [
    Version: V1
    Subject: CN=x509, OU=x509, O=x509, L=Wellington, ST=Wellington, C=NZ
    Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
    Key:  Sun RSA public key, 1024 bits
    modulus: 13052787793731294943682394984664645854838424340012907077330623....
    The 'System Error Handler' from 'Invocation Trace' in ALSB test console is something like
  [pre]     
  $fault:
  <con:fault xmlns:con="http://www.bea.com/wli/sb/context">
       <con:errorCode>BEA-386201</con:errorCode>
       <con:reason>
            A web service security fault
            occurred[{http://schemas.xmlsoap.org/soap/envelope/}Server][Failed
            to get token for tokenType:
            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3]
       </con:reason>
       <con:details>
            <err:WebServiceSecurityFault
                 xmlns:err="http://www.bea.com/wli/sb/errors">
                 <err:faultcode
                      xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
                      soapenv:Server
                 </err:faultcode>
                 <err:faultstring>
                      Failed to get token for tokenType:
                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
                 </err:faultstring>
            </err:WebServiceSecurityFault>
       </con:details>
       <con:location>
            <con:path>response-pipeline</con:path>
       </con:location>
  </con:fault>
  So is this a feature not supported in ALSB 2.6 yet or am I missing something dead simple?
  Thanks in advance
  Sam

  Instead of specifying policies for input and output separately you could place the policy reference only once in the operation element. Maybe will this solve your problem...
  http://e-docs.bea.com/alsb/docs26/security/ws_policy.html#wp1061166

• SSL Server: No available certificate or key.... exception

  Hi,
  I want to create a very simple SSL Server for testing purposes.
  I have searched google and these forums for an answer, but anything that I found did not help (will say below what I tried).
  Here is my code:
  import java.io.IOException;
  import javax.net.ssl.SSLServerSocket;
  import javax.net.ssl.SSLServerSocketFactory;
  public class Server {
       private int port = 25000;
       private SSLServerSocketFactory factory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
       public Server() {          
            try {
                 SSLServerSocket socket = (SSLServerSocket) factory.createServerSocket(port);
                 Echo echo = new Echo(socket);
                 Thread t = new Thread(echo);
                 t.start();
            } catch (IOException e) {
                 e.printStackTrace();
       public static void main(String[] args) {
            new Server();
  }and
  import java.io.BufferedReader;
  import java.io.BufferedWriter;
  import java.io.IOException;
  import java.io.InputStream;
  import java.io.InputStreamReader;
  import java.io.OutputStream;
  import java.io.OutputStreamWriter;
  import javax.net.ssl.SSLServerSocket;
  import javax.net.ssl.SSLSocket;
  public class Echo implements Runnable {
       SSLServerSocket socket;
       public Echo(SSLServerSocket socket) {
            this.socket = socket;
       @Override
       public void run() {
            try {
                 SSLSocket connectedSocket = (SSLSocket) socket.accept();
                 // creating the streams
                 InputStream inputstream = connectedSocket.getInputStream();
              InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
              BufferedReader in = new BufferedReader(inputstreamreader);
              OutputStream outputstream = connectedSocket.getOutputStream();
              OutputStreamWriter outputstreamwriter = new OutputStreamWriter(outputstream);
              BufferedWriter out = new BufferedWriter(outputstreamwriter);
              // echoing...
              String input = "";
              while (input.compareTo("abort") != 0) {
                   input = in.readLine();
                   System.out.println("Server received message: " + input);
                   out.write(input + " " + input);
                   out.flush();
            } catch (IOException e) {
                 e.printStackTrace();
  }When I run the code, I get
  javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
       at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(Unknown Source)
       at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(Unknown Source)
       at Echo.run(Echo.java:24)
  Line 24 in Echo.java is SSLSocket connectedSocket = (SSLSocket) socket.accept();
  I have created a keystore according to the JSSE documentation: http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
  I have tried relative and full pathnames for javax.net.ssl.keyStore, as well as copying the keystore right into the directory with the class-files
  I have tried to set javax.net.ssl.keyStore (and javax.net.ssl.keyStorePassword) via the command line's -D switch and via System.setProperty
  After all that failed, I even tried to import the generated public key into the server's keystore as well
  No matter what I did, I always get above exception upon calling accept().
  I am using Java 6 (Java(TM) SE Runtime Environment (build 1.6.0_17-b04)) on Windows 7 64 Bit
  Any help is appreciated.

  I have created a keystore according to the JSSE documentation: http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
  Are you sure you created a keystore with an RSA keypair, and not a DSA keypair?