[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[iaik-jce] Problems importing a X509 certificate



Hello,
We have tryed to import a X509 certificate signed by Verisign and the 
Verisign's root certificate into the keystore. The certificate request 
was created with the RSA algorithm with 1024 using the Iaik package and 
it was signed with md5WithRSAEncryption. We have sent it to Verisign in 
order to sign it and we have imported the signed certificate into the 
keystore:

    .......
   PrivateKey pk = new RSAPrivateKey(new FileInputStream(¨keyP.pem¨));
   java.security.cert.X509Certificate x509 = new X509Certificate(new 
FileInputStream(¨x509.cert¨));
   java.security.cert.X509Certificate veriRoot  = new 
X509Certificate(new FileInputStream("getcacert.crt"));
   java.security.cert.X509Certificate[] chain = new 
java.security.cert.X509Certificate[]{x509, veriRoot};
   KeyAndCert llaveYCert = new KeyAndCert(chain, pk);
  
   key_store.setCertificateEntry(SSLKeyStore.KS_ALIAS_ROOT, veriRoot);
   addToKeyStore(llaveYCert,   
SSLKeyStore.KS_ALIASES_SERVER[SSLKeyStore.KS_ALG_RSA]);
   .......

Then we started the SSL RMIRegistry without any problem. But when we 
start the application which binds into the registry we get the following 
error:

.......

ssl_debug(1): Sending server_hello handshake message.
ssl_debug(1): Selecting CipherSuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(1): Selecting CompressionMethod: NULL
ssl_debug(1): Sending certificate handshake message with server certificate...
ssl_debug(1): Sending server_hello_done handshake message...
ssl_debug(1): Received client_key_exchange handshake message.
ssl_debug(1): Exception while handshaking:
ssl_debug(1): java.lang.NullPointerException
ssl_debug(1):   at iaik.security.ssl.u.a(Unknown Source)
ssl_debug(1):   at iaik.security.ssl.f.c(Unknown Source)
ssl_debug(1):   at iaik.security.ssl.f.f(Unknown Source)
ssl_debug(1):   at iaik.security.ssl.r.c(Unknown Source)
ssl_debug(1):   at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
ssl_debug(1):   at iaik.security.ssl.SSLTransport.getInputStream(Unknown Source)
ssl_debug(1):   at iaik.security.ssl.SSLSocket.getInputStream(Unknown Source)
ssl_debug(1):   at sun.rmi.transport.tcp.TCPTransport.run(TCPTransport.java:432)
ssl_debug(1):   at java.lang.Thread.run(Thread.java)
ssl_debug(1): Sending alert: Alert Fatal: handshake failure
ssl_debug(1): Shutting down SSL layer...

If we create the root and server certificates (we don't need client 
certificates) and the keystore using the SetupKeyStore class provided in 
the demo package everything works fine.

Can anybody tell me how to import a X509 certificate from Verisign, or 
anybody has an idea of what the problem is?

Thanks in advance,
Jeronimo Ginzburg

--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-jce