0

I'm new to SSL certificates, and on our server (specs below, 1.1) the "send mail" service stopped working one month ago. I followed the logs and it seems that there is a problem with an SSL certificate (trace below, 1.2).

  • 1.1 Server specs: JDK 1.4.2, JBoss GA 4.0.2, Windows Server 2003
  • 1.2 Trace:

    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Certificate signature validation failed
        at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
        at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA12275)
        at com.sun.mail.util.TraceInputStream.read(TraceInputStream.java:97)
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:183)
        at java.io.BufferedInputStream.read(BufferedInputStream.java:201)
        at com.sun.mail.util.LineInputStream.readLine(LineInputStream.java:75)
        at com.sun.mail.smtp.SMTPTransport.readServerResponse(SMTPTransport.java:1440)
        ... 36 more
    Caused by: sun.security.validator.ValidatorException: Certificate signature validation failed
        at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:137)
        at sun.security.validator.Validator.validate(Validator.java:202)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(DashoA12275)
        at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(DashoA12275)
        ... 48 more
    Caused by: java.security.NoSuchAlgorithmException: 1.2.840.113549.1.1.11 Signature not available
        at java.security.Security.getEngineClassName(Security.java:672)
        at java.security.Security.getEngineClassName(Security.java:683)
        at java.security.Security.getImpl(Security.java:1132)
        at java.security.Signature.getInstance(Signature.java:169)
        at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:425)
        at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:383)
        at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:135)
        ... 51 more
    

What caught my attention was the "Signature not available", so I checked and read a lot but can't seem to find the root of this problem. No one has made any change to the server certificates or the java.security file. Also, the code that seems to get the error appears when I send a mail. The weird thing is that everything is working on my test server, but not on my production server.

EugenSunic
Shocklo

1 Answer

2

You're trying to run Java 1.4, which does not support the SHA-256 algorithm.

Try http://www.bouncycastle.org/latest_releases.html

or move to a newer JDK; 1.5/6 will do.

  • I'll give Bouncy Castle a go; upgrading to a new JDK is not an option. But is there an explanation why last month it worked like a charm (for more than 2 years) and now it just doesn't work? – Shocklo Sep 09 '15 at 20:46
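
An added diagnostic, not part of the original question or answer: it lists which installed JCA providers can create a `Signature` for the OID in the trace (1.2.840.113549.1.1.11, sha256WithRSAEncryption) and, when given a certificate file as an optional argument, for the algorithm that certificate is signed with. The class name `SigAlgCheck` is hypothetical, and the code avoids generics and for-each on the assumption that it has to compile on the JDK 1.4.2 from the question.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added diagnostic (hypothetical class name), not code from the original page.
public class SigAlgCheck {
    // OID reported in the trace above: sha256WithRSAEncryption
    static final String TRACE_OID = "1.2.840.113549.1.1.11";

    // Names of the installed providers that can create a Signature for alg.
    static String providersFor(String alg) {
        StringBuffer found = new StringBuffer();
        Provider[] all = Security.getProviders();
        for (int i = 0; i < all.length; i++) {
            try {
                Signature.getInstance(alg, all[i]);
                found.append(all[i].getName()).append(' ');
            } catch (Exception e) {
                // this provider does not implement alg
            }
        }
        return found.toString().trim();
    }

    static void report(String alg) {
        String p = providersFor(alg);
        System.out.println(alg + " -> " + (p.length() == 0 ? "NOT AVAILABLE" : p));
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        report(TRACE_OID);
        report("SHA256withRSA");
        report("SHA1withRSA");
        if (args.length > 0) { // optional: path to a certificate file (DER or PEM)
            InputStream in = new FileInputStream(args[0]);
            try {
                X509Certificate c = (X509Certificate)
                    CertificateFactory.getInstance("X.509").generateCertificate(in);
                System.out.println("subject = " + c.getSubjectDN());
                System.out.println("sigAlg  = " + c.getSigAlgName() + " (" + c.getSigAlgOID() + ")");
                report(c.getSigAlgOID());
            } finally {
                in.close();
            }
        }
    }
}
```

Running it on both the test and the production JVM, with the certificate each one receives from its mail server saved to a file, shows whether the two differ in the JVM's providers or in the certificate's signature algorithm.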