Re: [iaik-ssl] "Unknown certificate type!" in addServerCredentials

["Stef Hoeben" <stef.hoeben@utimaco.be>]

Hello,

maybe you can solve the problem by doing Security.addProvider()
instead of Security.insertProviderAt(). Or if your provider has to
be on the first place, do a Security.removeProvider() before the
addServerCredentials() and a Security.inserProvider()
afterwards.
If that would work and you wonder why, just let me know.

Greetings, Stef



Hi!

We are trying to run IAIK SSL 3.0 on top of a 3rd-party chipcard-based
JCE-implementation.
Out intention is to have chipcard-based, secure RMI. This is (in short)
what
we're doing now:

        Security.insertProviderAt(new OurChipcardJCEProvider() , 1);
        SecurityProvider.setSecurityProvider(new
SecurityProvider("OurJCEProviderName"));
        :
        clientContext = new SSLClientContext();
        serverContext = new SSLServerContext();
        :
        setupClientContext(clientContext); // uses addClientCredentials,
setEnabledCipherSuites ...
        setupServerContext(serverContext); // also calls
addServerCredentials
        :
        sslRMISocketFactory = new SSLRMISocketFactory();
        sslRMISocketFactory.setClientContext(clientContext);
        sslRMISocketFactory.setServerContext(serverContext);
        :
        RMISocketFactory.setSocketFactory(sslRMISocketFactory);
        :

When calling serverContext.addServerCredentials(encryptChain, privateKey),
we get an
"Unknown certificate type!" Exception. The addClientCredentials call before
works.

Our question: What exactly leads to this error?
The type String returned by the X509Certificate objects delivered by our
JCE-implementation is "X.509".

We're in contact with the developers of the JCE stuff, but what should we
tell them is wrong with their certificates?





--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl