[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [iaik-jce] Problems importing a X509 certificate



Hello,

use a proper add*Credentials for immediately adding certs/keys to the
context; but not to the demo keystore.

Dieter Bratko

-----Ursprüngliche Nachricht-----
Von: iaik-jce-owner@iaik.tu-graz.ac.at
[mailto:iaik-jce-owner@iaik.tu-graz.ac.at]Im Auftrag von Jeronimo
Ginzburg
Gesendet: Dienstag, 5. September 2000 17:39
An: iaik-jce@iaik.tu-graz.ac.at
Betreff: [iaik-jce] Problems importing a X509 certificate


Hello,
We have tryed to import a X509 certificate signed by Verisign and the
Verisign's root certificate into the keystore. The certificate request
was created with the RSA algorithm with 1024 using the Iaik package and
it was signed with md5WithRSAEncryption. We have sent it to Verisign in
order to sign it and we have imported the signed certificate into the
keystore:

    .......
   PrivateKey pk = new RSAPrivateKey(new FileInputStream(¨keyP.pem¨));
   java.security.cert.X509Certificate x509 = new X509Certificate(new
FileInputStream(¨x509.cert¨));
   java.security.cert.X509Certificate veriRoot  = new
X509Certificate(new FileInputStream("getcacert.crt"));
   java.security.cert.X509Certificate[] chain = new
java.security.cert.X509Certificate[]{x509, veriRoot};
   KeyAndCert llaveYCert = new KeyAndCert(chain, pk);

   key_store.setCertificateEntry(SSLKeyStore.KS_ALIAS_ROOT, veriRoot);
   addToKeyStore(llaveYCert,
SSLKeyStore.KS_ALIASES_SERVER[SSLKeyStore.KS_ALG_RSA]);
   .......

Then we started the SSL RMIRegistry without any problem. But when we
start the application which binds into the registry we get the following
error:

.......

ssl_debug(1): Sending server_hello handshake message.
ssl_debug(1): Selecting CipherSuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(1): Selecting CompressionMethod: NULL
ssl_debug(1): Sending certificate handshake message with server
certificate...
ssl_debug(1): Sending server_hello_done handshake message...
ssl_debug(1): Received client_key_exchange handshake message.
ssl_debug(1): Exception while handshaking:
ssl_debug(1): java.lang.NullPointerException
ssl_debug(1):   at iaik.security.ssl.u.a(Unknown Source)
ssl_debug(1):   at iaik.security.ssl.f.c(Unknown Source)
ssl_debug(1):   at iaik.security.ssl.f.f(Unknown Source)
ssl_debug(1):   at iaik.security.ssl.r.c(Unknown Source)
ssl_debug(1):   at iaik.security.ssl.SSLTransport.startHandshake(Unknown
Source)
ssl_debug(1):   at iaik.security.ssl.SSLTransport.getInputStream(Unknown
Source)
ssl_debug(1):   at iaik.security.ssl.SSLSocket.getInputStream(Unknown
Source)
ssl_debug(1):   at
sun.rmi.transport.tcp.TCPTransport.run(TCPTransport.java:432)
ssl_debug(1):   at java.lang.Thread.run(Thread.java)
ssl_debug(1): Sending alert: Alert Fatal: handshake failure
ssl_debug(1): Shutting down SSL layer...

If we create the root and server certificates (we don't need client
certificates) and the keystore using the SetupKeyStore class provided in
the demo package everything works fine.

Can anybody tell me how to import a X509 certificate from Verisign, or
anybody has an idea of what the problem is?

Thanks in advance,
Jeronimo Ginzburg

--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-jce




smime.p7s