On Wed, Jul 2, 2008 at 2:53 PM, Stefano Bagnara <[EMAIL PROTECTED]> wrote: > Rick McGuire ha scritto: >> >> Stefano Bagnara wrote: >>> >>> Rick McGuire ha scritto: >>>> >>>> Thanks Stefano, that helped. I'm getting closer, but I'm still having a >>>> problem. I created the server cert using the directions you pointed me >>>> toward, and added the cert to the truststore using the directions I found >>>> here: >>>> >>>> http://www.site.uottawa.ca/~lpeyton/csi5389genkeystore.html >>>> >>>> Now I'm getting an error on the server when I try to connect. See the >>>> log at the end. I'm running this on >>>> >>>> java version "1.5.0_11" >>>> Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_11-b03) >>>> Java HotSpot(TM) Client VM (build 1.5.0_11-b03, mixed mode) >>>> >>>> Which I've used for successful SSL connections to other servers, so I >>>> suspect the problem is in either the server configuration or the cert I >>>> added to the truststore. I'm sort of hit a dead end at this point, so any >>>> assistance is very much appreciated. >>> >>> Hi Rick, >>> >>> the jce lib you copy to JAMES_HOME/lib have to be the same of the JVM you >>> use to run JAMES. >>> So if you want to run JAMES with java 1.5 you will also have to replace >>> your 1.4 JCE in JAMES_HOME/lib with the 1.5 JCE. >>> >>> Not sure this is your issue, let me know. >> >> I'm not sure I understand this....I didn't copy any JCE to the >> JAMES_HOME/lib directory. However, I just went and double checked, and the >> JVM version that worked was not 1.4.2 like I believed, but rather 1.6. Is >> the JCE included in 1.4.2, but not in 1.6? >> Rick > > I don't use SSL, but AFAIK you have to copy the JCE from the JRE you use to > run JAMES as described in the config.xml: > <!-- JAMES TLS uses JSSE. This means that for many Sun JVMs, > the sunjce_provider.jar must be copied from $JAVA_HOME/lib/ext > into $JAMES_HOME/lib. It may also be necessary to download and > install unlimited strength policies. --> > <!-- > <useTLS>true</useTLS> > --> > <!-- Use provider elements to specify additional JCE providers. > The jars should be put into $JAMES_HOME/lib. > For example, Uncomment this if you want to use > BouncyCastle JCE (http://www.bouncycastle.org) > <provider>org.bouncycastle.jce.provider.BouncyCastleProvider</provider> --> > > I think this is true at least for java2 1.4 and java5... let us know,
bouncy castle is a much better bet for JVM independence: IIRC the JCE characteristics seem to vary widely with different sun releases - robert --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
