We're using Sybase EAServer, and we're locked into using JDK 1.4.2_03. Because of this I think I'll need to look into 3rd party JSSE or JCE implementations. Bouncycastle is the only provider I know of, but they don't seem to support TLS. Google isn't helping me much here. Does anyone know of a suitable provider that might have a working version of JSSE/JCE?
FYI, the error I'm getting is:
javax.net.ssl.SSLProtocolException: java.io.IOException: subject key, Unknown key spec: Invalid RSA modulus size.
One tip I found: if you generate your private key using openssl, then get a certificate back from a CA, it can be hard to get this into your Java keystore. The only way I know to do it is to create a pkcs12 certificate containing both your public and private key, then using keytoolgui you have to use the "import key pair" option instead of using "import certificate". The Java keytool can't do this because it doesn't understand pkcs12, and there's no way I could find to import a private key. The other option is to generate your private key using keytool, but it's difficult to get the private key out of the keystore. Incidentally, keytoolgui has now been turned into a commercial product, but the old one still works if you can find it.
I hope this helps someone, and I appreciate any suggestions anyone has about my problem.
Tim
Oleg Kalnichevski wrote:
Tim,
This is believed to be a limitation of all Sun's JCE/JSSE implementations up to Java version 1.5. You can try testing your application with Java 1.5-b2 to see if the problem has indeed been fixed. Alternatively, consider using IBM Java 1.4 or 3rd party JCE/JSSE implementations which _may_ not exhibit the same limitation.
HTH
Oleg
On Sat, 2004-06-12 at 05:36, Tim Wild wrote:
Hi,
I'm using HttpClient to connect to an apache server that requires certificates. When I use client and server certificates from my own CA with 1024 bit keys it works perfectly. When I get a commercial certificate with a longer key (4096 bits), I get the following error (full message below) when I connect to apache:
javax.net.ssl.SSLProtocolException: java.io.IOException: subject key, Unknown key spec: Invalid RSA modulus size.
Google produced one result, which talked about a maximum key size using the JCE of 2048 bits using the JDK 1.4.2 default policy files. Another site suggested getting the unrestricted policy files, so I got and installed them, but it doesn't seem to make any difference at all.
Does anyone have any thoughts or suggestions? Half-formed thoughts or ideas are welcome as they might give me a lead that I can follow myself.
Thanks
Tim Wild
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
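The keystore tip in the thread above (an openssl-generated key plus CA certificate packaged as pkcs12) can also be handled through the `java.security.KeyStore` API. The following is an added example, not code from the thread: it copies the private-key entries of a PKCS12 file into a new JKS keystore and prints the RSA modulus size of every certificate in each chain, marking those above the 2048-bit figure mentioned in the thread. The class name, file names and passwords are hypothetical, and it assumes the JRE ships a provider for the `PKCS12` keystore type.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Enumeration;

// Hypothetical helper class; written without generics so it also compiles on a 1.4 JDK.
public class Pkcs12ToJks {
    // 2048 bits is the figure quoted in the thread, not a value read from the JRE.
    static final int REPORTED_LIMIT_BITS = 2048;

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: Pkcs12ToJks <in.p12> <p12-password> <out.jks> <jks-password>");
            System.exit(2);
        }
        // Command-line passwords show up in process listings; use only for a one-off conversion.
        char[] inPass = args[1].toCharArray();
        char[] outPass = args[3].toCharArray();

        KeyStore p12 = KeyStore.getInstance("PKCS12");
        FileInputStream in = new FileInputStream(args[0]);
        try { p12.load(in, inPass); } finally { in.close(); }

        KeyStore jks = KeyStore.getInstance("JKS");
        jks.load(null, null); // start from an empty keystore

        for (Enumeration e = p12.aliases(); e.hasMoreElements();) {
            String alias = (String) e.nextElement();
            if (!p12.isKeyEntry(alias)) continue; // only private-key entries are copied
            Key key = p12.getKey(alias, inPass);
            Certificate[] chain = p12.getCertificateChain(alias);
            if (chain == null) continue;
            for (int i = 0; i < chain.length; i++) {
                if (chain[i].getPublicKey() instanceof RSAPublicKey) {
                    int bits = ((RSAPublicKey) chain[i].getPublicKey()).getModulus().bitLength();
                    System.out.println(alias + " chain[" + i + "]: RSA " + bits + " bits"
                        + (bits > REPORTED_LIMIT_BITS ? "  <-- above " + REPORTED_LIMIT_BITS : ""));
                }
            }
            jks.setKeyEntry(alias, key, outPass, chain); // key and chain stored under the same alias
        }
        FileOutputStream out = new FileOutputStream(args[2]);
        try { jks.store(out, outPass); } finally { out.close(); }
    }
}
```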
