I had something very similar with Windows98 and JDK1.2.2. I had to install
JSSE 1.0.1 to get the RSA algorithm (and configure a new security provider
in jre/lib/security/java/security).
Rgds, Mick
----- Original Message -----
From: "Joseph B. Ottinger" <[EMAIL PROTECTED]>
To: "Orion-Interest" <[EMAIL PROTECTED]>
Sent: 08 July 2000 12:52
Subject: SSL key generation, yet again


> Okay, this is very frustrating. :(
>
> I'm using Sun's JDK 1.3.0 for Linux, Orion 1.1.9. Output from java
> -version:
>
> java version "1.3.0beta"
> Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0beta-b07)
> Java HotSpot(TM) Client VM (build 1.3.0beta-b04, mixed mode)
>
>
> I've tried the SSL-howto steps from www.orionserver.com; if I
> use -keyalg "RSA", I get this message:
>
> keytool error: java.security.NoSuchAlgorithmException: RSA
> KeyPairGenerator not available
>
> That's fairly self-explanatory, although odd. So, being intrepid and all,
> I simply remove the RSA specification, since this is just a test cert,
> after all.
>
> That allows me to create the keystore. The key password for <mykey> is
> left as the same as the keystore password.
>
> So I go happily along my way, generating the .csr file with no obvious
> difficulty. I go to thawte.com, as the howto suggests. My only deviation
> from the howto is, as mentioned, the elimination of '-keyalg "RSA"' from
> the keytool invocation.
>
> At thawte.com, I post my certificate request via IE5, set validity for 360
> days, valid from now, type of certificate is "Test SSL Chained CA Cert",
> and use the default certificate format. I hit the "Generate Test
> Certificate" submit button and get a certificate, in PKCS #7 SIGNED DATA
> format.
>
> I take the certificate source, cat it into a .cer file, as the howto
> suggests.
>
> And here's where things start falling apart.
>
> % keytool -keystore keystore -import -trustcacerts -file cupid.cer
> Enter keystore password:  123456
> keytool error: java.lang.Exception: Certificate chain in reply does not
> verify: MD5WITHRSA Signature not available
>
> Well, since I don't have RSA in the JDK, I suppose that makes sense.
>
> However, there's not a lot I can do about it, since chained certs
> apparently only use the RSA algorithm; thawte says they ignore any
> specifications for chained CA certs, using ONLY PKCS #7 for these. I don't
> know where to get a version of the RSA algorithm for JSSE (I downloaded
> the JSSE stuff from Sun, but Orion's version looks more recent, so I'm
> using Orion's). jcert.jar does, in fact, have an MD5RSA algorithm, but I
> have no idea how to tell Java that, or why it's not realising it on its
> own.
>
> Can anyone help? This is a critical issue for me and I am royally stuck.
>
> -----------------------------------------------------------
> Joseph B. Ottinger               [EMAIL PROTECTED]
> http://cupid.suninternet.com/~joeo      HOMES.COM Developer
>
>
>
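
An added example, not part of either message and not Orion's or Sun's code: a small diagnostic that prints the provider list the running JRE reads from its `java.security` properties file and reports which registered provider, if any, serves the two algorithms `keytool` complained about. The class name `ProviderCheck` is hypothetical, and the code assumes a current JDK rather than the 1.2/1.3 releases discussed in the thread.

```java
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;

public class ProviderCheck {
    // A security.provider.N value is a class name (older JDKs) or a provider
    // name (newer JDKs), optionally followed by an argument.
    static boolean isLoaded(String entry) {
        String id = entry.trim().split("\\s+")[0];
        for (Provider p : Security.getProviders()) {
            if (p.getClass().getName().equals(id) || p.getName().equals(id)) {
                return true;
            }
        }
        return false;
    }

    // Name of the provider that serves the algorithm, or null if none does.
    static String servedBy(boolean keyPairGenerator, String alg) {
        try {
            return keyPairGenerator
                    ? KeyPairGenerator.getInstance(alg).getProvider().getName()
                    : Signature.getInstance(alg).getProvider().getName();
        } catch (NoSuchAlgorithmException e) {
            return null; // the condition keytool reported in the thread
        }
    }

    public static void main(String[] args) {
        // The list is read as security.provider.1, .2, ... and stops at the
        // first missing number, so a gap hides every later entry.
        for (int i = 1; ; i++) {
            String entry = Security.getProperty("security.provider." + i);
            if (entry == null) break;
            System.out.println(i + ". " + entry.trim()
                    + (isLoaded(entry) ? "  [loaded]" : "  [configured, NOT loaded]"));
        }
        String kpg = servedBy(true, "RSA");
        String sig = servedBy(false, "MD5withRSA");
        System.out.println("KeyPairGenerator RSA : " + (kpg == null ? "not available" : kpg));
        System.out.println("Signature MD5withRSA : " + (sig == null ? "not available" : sig));
        if (kpg == null || sig == null) System.exit(1);
    }
}
```

Run it with the `java` binary from the same installation as the `keytool` in use, since each JRE carries its own provider list.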

