Thanks, Jeremy. I thought it might be a directory path. Once I changed it
to a win directory, the trustStore was no longer not found. However, I get
an invalid keystore format error now. Babysteps.
I changed the storetype of the trustStore from JCEKS to JKS to see if that
would help, but I get the same error. Any ideas?
C:\bis-axis\gov\doc\bis\snap>java -Djavax.net.debug=ssl
gov.doc.bis.snap.SSLMain
Testing getting SnapWorkItem with key parameter.
>> Querying SnapWorkItemApi for '1'
keyStore is :
keyStore type is : jks
init keystore
init keymanager of type SunX509
trustStore is: c:\bis-axis\gov\doc\bis\snap\clienttruststore
trustStore type is : jks
init truststore
default context init failed: java.io.IOException: Invalid keystore format
- Mapping Exception to AxisFault
AxisFault
faultCode: {http://xml.apache.org/axis/}Server.userException
faultString: java.net.SocketException: Default SSL context init failed:
Invalid keystore format
faultActor: null
faultDetail:
stackTrace: java.net.SocketException: Default SSL context init
failed: Invalid keystore format
at javax.net.ssl.DefaultSSLSocketFactory.createSocket(DashoA6275)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39
)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
.java:25)
-----Original Message-----
From: Jeremy Levy [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 12, 2002 2:04 PM
To: [EMAIL PROTECTED]
Subject: RE: Can't find Trusted Cert.
Try
// Set the truststore for authentication
System.setProperty("javax.net.ssl.trustStore",
"gov/doc/bis/snap/clienttruststore");
I don't know what platform this is on, but try the slashs like \\
Also, the path you specific is going to be relative to the user.dir
system property.. Is that correct?
JL
-----Original Message-----
From: Cohan, Sean [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 12, 2002 1:58 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Can't find Trusted Cert.
in the client code, I also mistyped the trustStore location property (at
least as presented in the book "AXIS Next Generation Java SOAP".)
Although I'm not really sure how this property is being accessed (e.g.,
as a
URI) and how the front of it is resolved (e.g., classpath, off of
webapps, etc), instead of:
// Set the truststore for authentication
System.setProperty("javax.net.ssl.trustStore",
"gov.doc.bis.snap.clienttruststore");
I should have had:
// Set the truststore for authentication
System.setProperty("javax.net.ssl.trustStore",
"gov/doc/bis/snap/clienttruststore");
But this doesn't help. It still doesn't find the trustStore.
Can anyone explain the keyStore is empty? I don't set this anywhere in
the code, just in tomcats server.xml. Thanks.
-----Original Message-----
From: Cohan, Sean [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 12, 2002 11:01 AM
To: '[EMAIL PROTECTED]'
Subject: RE: Can't find Trusted Cert.
Thanks you, Geza. In my client code, I did mistype
javax.net.ssl.trustStore as javax.net.ssl.truststore
After I changed it to
// Set the truststore for authentication
System.setProperty("javax.net.ssl.trustStore",
"gov.doc.bis.snap.clienttruststore");
and recompiled (and restarted tomcat) I get:
C:\bis-axis\gov\doc\bis\snap>java -Djavax.net.debug=ssl
gov.doc.bis.snap.SSLMain
Testing getting SnapWorkItem with key parameter.
>> Querying SnapWorkItemApi for '1'
keyStore is :
keyStore type is : jks
init keystore
init keymanager of type SunX509
trustStore is: No File Available, using empty keystore. trustStore type
is : jks init truststore init context trigger seeding of SecureRandom
done seeding SecureRandom %% No cached client session
*** ClientHello, v3.1
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 12, 2002 10:22 AM
To: [EMAIL PROTECTED]
Subject: RE: Can't find Trusted Cert.
I struggled with the same thing the whole day.
My problem turned otu to be the bloody system property.
Watch out because it is case sensitive. It has to be
javax.net.ssl.keyStore, with capital "S"
So you have to set keystore and truststore too (if it's the case).
> I tried that. I'm really a fish out of water here, but it looks my
> clienttruststore is not recognized (based on the 'keyStore is : ' line
> below.) Any help sorting this out is greatly appreciated since I'm
> stumbling around in the dark (but learning which is good.)
> Here's the top
> portion of the output. Thanks.
>
> C:\bis-axis\gov\doc\bis\snap>java -Djavax.net.debug=ssl
> gov.doc.bis.snap.SSLMain
>
>
> Testing getting SnapworkItem with key parameter.
> >> Querying SnapWorkItemApi for '1'
> keyStore is :
> keyStore type is : jks
> init keystore
> init keymanager of type SunX509
> trustStore is: c:\j2sdk1.4.0_01\jre\lib\security\cacerts
> trustStore type is : jks
> init truststore
> adding as trusted cert: [
> [
> Version: V3
> Subject: [EMAIL PROTECTED],
> CN=Thawte Personal
> Freemail CA, OU=Certification Services Division
> , O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
> Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
>
> Key: com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@6dadf9
> Validity: [From: Sun Dec 31 19:00:00 EST 1995,
> To: Thu Dec 31 18:59:59 EST 2020]
> Issuer: [EMAIL PROTECTED],
> CN=Thawte Personal
> Freemail CA, OU=Certification Services Division,
> O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
> SerialNumber: [ 0 ]
>
> Certificate Extensions: 1
> [1]: ObjectId: 2.5.29.19 Criticality=true
> BasicConstraints:[
> CA:true
> PathLen:2147483647
> ]
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Friday, July 12, 2002 3:37 AM
> To: [EMAIL PROTECTED]
> Subject: RE: Can't find Trusted Cert.
>
>
>
> Hi,
>
> Try running your client and server with SSL debug ON.
> (java -Djavax.net.debug=ssl ...) This way you can see what's really
> happening. You can find out whether the system finds your
> trusstore file.
> Or maybe the problem is exactly what the exception says: there is
> no proper certificate in your truststore. In this case you should
> import one into your truststore. Or the other side is sending
> the wrong
> certificate ?
> Good luck, Geza
>
> > -----Original Message-----
> > From: ext Cohan, Sean [mailto:[EMAIL PROTECTED]]
> > Sent: 11. July 2002 23:21
> > To: '[EMAIL PROTECTED]'
> > Subject: RE: Can't find Trusted Cert.
> >
> >
> > Perhaps a little more info should have been provided on my
> > part. Here is my
> > relevant client code:
> >
> > // Set the protocol for handling SSL based connecting
> > System.setProperty("java.protocol.handler.pkgs",
> > "com.sun.net.ssl.internal.www.protocol");
> > // Add the provider implementation class for handling SSL
> > connections
> > java.security.Security.addProvider(new
> > com.sun.net.ssl.internal.ssl.Provider());
> > // Set the truststore for authentication
> > System.setProperty("javax.net.ssl.truststore",
> > "gov.doc.bis.snap.clienttruststore");
> > System.setProperty("javax.net.ssl.trustStorePassword",
> > "changeit");
> >
> > And here is a little more of the error:
> >
> > C:\bis-axis\gov\doc\bis\snap>java gov.doc.bis.snap.SSLMain
> >
> >
> > Testing getting SnapworkItem with key parameter.
> > >> Querying SnapWorkItemApi for '1'
> > - Mapping Exception to AxisFault
> > AxisFault
> > faultCode: {http://xml.apache.org/axis/}Server.userException
> > faultString: javax.net.ssl.SSLHandshakeException: Couldn't
> > find trusted
> > certificate
> > faultActor: null
> > faultDetail:
> > stackTrace: javax.net.ssl.SSLHandshakeException:
> Couldn't find
> > trusted certificate
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA6275)
> > at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
> > at
> > com.sun.net.ssl.internal.ssl.ClientHandshaker.a(DashoA6275)
> > .
> > .
> > .
> >
> > What should I do? Thanks.
> >
> >
> > -----Original Message-----
> > From: Cohan, Sean [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, July 11, 2002 4:25 PM
> > To: [EMAIL PROTECTED]
> > Subject: Can't find Trusted Cert.
> >
> >
> > What's happening if I get this message when running my
> client and more
> > importantly, how do I go about correcting it?
> >
> > SSLHandshakeException: Couldn't find trusted certificate
> >
> > I've checked that the clienttrustedstore is in my classpath
> > and restarted
> > tomcat.
> >
> > I'm almost there, I can feel it.
> >
> > Thanks.
> >
> >
> > Sean Cohan
> > Software Performance Systems
> >
>
