
I am developing a Java app that accesses an SSL web service.

I use Java 6 JAX-WS with basic authentication to access this ws.

I configured my local machine (Windows) to query this web service.

From the certificates point of view, I set up 2 keystores: a client keystore that contains 2 entries, one for my private key and one for my certificate, signed by a CA. The other keystore, the truststore, holds an entry for my app server (that hosts the ws).

This is a self-signed certificate and, of course, my client is complaining about this. I found here a workaround for this error and I imported this certificate in my truststore. Now I can query the ws from my local machine.

On the PreProduction machine (RHEL 5) I get the same error message:

"PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"

I tried to do the same thing. But when I run:

java InstallCert my_ip:ssl_port changeit 

I get the following output

Loading KeyStore cacerts...
Opening connection to my_ip:ssl_port...
Starting SSL handshake...

Exception in thread "Main Thread" java.lang.NoClassDefFoundError: javax/crypto/SunJCE_b
        at javax.crypto.KeyGenerator.a(DashoA13*..)
        at javax.crypto.KeyGenerator.<init>(DashoA13*..)
        at javax.crypto.KeyGenerator.getInstance(DashoA13*..)
        at com.sun.net.ssl.internal.ssl.JsseJce.getKeyGenerator(JsseJce.java:223)
        at com.sun.net.ssl.internal.ssl.RSAClientKeyExchange.<init>(RSAClientKeyExchange.java:91)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:744)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:238)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:958)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1203)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1230)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1214)
        at InstallCert.main(InstallCert.java:58)

The class javax.crypto.SunJCE_b is there, in jce.jar from jre/lib. What do you think?

Another question: is my truststore that I got on Windows (the one that contains the imported server certificate) not portable?

The one that I used on Windows, I can copy it to Linux, can't I?

serv-inc
aurel
  • Hello all of you, I tried to get a self-signed certificate and load it in my trust store; for this purpose I used InstallCert. The admin of the web server that hosts the ws told me that I should disable verification of the self-signed certificate and treat it as trusted. How can I disable this verification? In my code I have access to these objects: oracle.adf.share.ADFContext and oracle.adf.share.security.providers.jps.JpsSecurityContext. Thanks, Aurel – aurel Jan 15 '16 at 12:41

2 Answers

As you said that the jar exists, you might need to add it to your classpath, like so:

java -cp /path/to/jce.jar:. InstallCert my_ip:ssl_port changeit

To only list the classpath, see https://stackoverflow.com/a/17541055/1587329.

As to

Another question: is my truststore that I got on Windows (the one that contains the imported server certificate) not portable?

The one that I used on Windows, I can copy it to Linux, can't I?

It is advised to recreate it: Migrating a certificate keystore to another JVM

Community
serv-inc
  • jce.jar should be added to the classpath by default - it is inside the jre. Anyway, I tried this version too, I added -cp .... without result – aurel Jan 15 '16 at 09:25
  • @aurel: the jar was not even on my system (linux). You can show the contents of a jar via `jar xf filename`. Have you tried that? – serv-inc Jan 15 '16 at 14:47
  • Yes, I tried; the class that java complains about is there, in jce.jar – aurel Jan 17 '16 at 10:54
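
For the truststore question discussed above, one way to check a copied truststore on the target machine while keeping certificate verification enabled. This is an added example, not code from the post or from InstallCert; the class name `TruststoreCheck`, the JKS store type, and a server that does not require a client certificate are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.util.Enumeration;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Usage (hypothetical names): java TruststoreCheck <truststore.jks> <password> <host> <port>
public class TruststoreCheck {
    public static void main(String[] args) throws Exception {
        // Load the copied store with the same JVM that will use it in production.
        KeyStore ts = KeyStore.getInstance("JKS"); // assumption: store is in JKS format
        InputStream in = new FileInputStream(args[0]);
        try {
            ts.load(in, args[1].toCharArray());
        } finally {
            in.close();
        }
        // Print each certificate's SHA-256 fingerprint so it can be compared
        // out of band with the one the server administrator reports.
        for (Enumeration<String> e = ts.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            Certificate c = ts.getCertificate(alias);
            if (c == null) continue;
            byte[] d = MessageDigest.getInstance("SHA-256").digest(c.getEncoded());
            StringBuilder hex = new StringBuilder();
            for (byte b : d) hex.append(String.format("%02X", b & 0xff));
            System.out.println(alias + " SHA-256=" + hex);
        }
        // Trust only the entries of this store; chain validation stays on.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        SSLSocket s = (SSLSocket) ctx.getSocketFactory()
                .createSocket(args[2], Integer.parseInt(args[3]));
        try {
            s.startHandshake(); // fails with the PKIX error if the server cert is not in the store
            System.out.println("Handshake OK: " + s.getSession().getCipherSuite());
        } finally {
            s.close();
        }
    }
}
```

A raw `SSLSocket` validates the certificate chain but does not check the host name; that check is done by `HttpsURLConnection`, so a successful run here confirms trust in the certificate only.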

I faced a similar problem working with the InstallCert application. Try modifying the Java Crypto Policies. Download the files from Oracle, JCE for Java 7.

You just download and replace the existing files in JAVA_HOME/jre/lib/security. That should work.

Oldskultxo
  • Your default truststore is the "cacerts" file in the same folder. Just copy it and paste it into your JVM on linux. – Oldskultxo Jan 14 '16 at 15:34
  • Thanks, but I'm working with java 6; you mean jce for java 6, don't you? I did this with the jars for java 6, with no positive results – aurel Jan 14 '16 at 17:22
  • Oops, true. You should download the jce java 6 from oracle: http://www.oracle.com/technetwork/es/java/javase/downloads/jce-6-download-429243.html – Oldskultxo Jan 14 '16 at 17:25
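
A diagnostic for the two hypotheses raised in the answers above (the wrong or missing jce.jar, and the policy files in lib/security), run with the same `java` binary that runs InstallCert. This is an added example, not code from the thread; the class name `JceCheck` is hypothetical and "AES" is used only as a probe algorithm.

```java
import java.io.File;
import java.net.URL;
import java.security.Provider;
import java.security.Security;
import java.util.Date;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;

public class JceCheck {
    // Location a class file is actually loaded from (a jar: URL on Java 6-8).
    static String origin(String resource) {
        URL u = ClassLoader.getSystemResource(resource);
        return u == null ? "NOT FOUND" : u.toString();
    }

    public static void main(String[] args) {
        String home = System.getProperty("java.home");
        System.out.println("java.home    = " + home);
        System.out.println("java.version = " + System.getProperty("java.version"));
        // If these two come from different jars or JREs, the installation is mixed.
        System.out.println("KeyGenerator : " + origin("javax/crypto/KeyGenerator.class"));
        System.out.println("SunJCE_b     : " + origin("javax/crypto/SunJCE_b.class"));
        for (Provider p : Security.getProviders()) {
            System.out.println("provider     : " + p.getName() + " " + p.getVersion());
        }
        // Files in the security directory of the JVM that is really running;
        // replaced policy jars should show up here with the expected dates.
        File[] files = new File(home, "lib/security").listFiles();
        if (files != null) {
            for (File f : files) {
                System.out.println("lib/security : " + f.getName() + " " + f.length()
                        + " bytes, modified " + new Date(f.lastModified()));
            }
        }
        try {
            // 128 means the limited policy files; Integer.MAX_VALUE means unlimited.
            System.out.println("max AES bits : " + Cipher.getMaxAllowedKeyLength("AES"));
            KeyGenerator.getInstance("AES");
            System.out.println("KeyGenerator.getInstance OK");
        } catch (Throwable t) { // NoClassDefFoundError is an Error, not an Exception
            t.printStackTrace(); // the cause shows whether the class is missing or failed to initialize
        }
    }
}
```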