Advertisement

01.25.2008 at 05:18AM PST, ID: 23110895
[x]
Attachment Details

Java, JDK 1.4.2_16, Certificate chaining error (keystore, truststore)

Asked by mhci_nne in Secure Socket Layer (SSL) & HTTPS, Java Programming Language, Eclipse

Tags: ,

Hi experts

I have generated a web serive stub client using eclipse (just downloaded the newest version)

My problem is that I have to use a https connection, hence I need to install a GlobalSign Certificate into my java Keytool.
I tried to follow the guideline from http://www.globalsign.com/support/code-signing/codesign_sunjava.html
however I cannot se how I can fulfill it since the "CN" parameter including my email is not excepted?

Here is what I done so far:

%java_home%\bin\keytool -genkey -alias codesigncert -keypass changeit -keyalg RSA -keysize 1024 -dname "CN=localhost,O=telmore" -keystore codesignstore -storepass changeit
%java_home%\bin\keytool -certreq -v -alias codesigncert -file codesigncsr.pem -keystore codesignstore
Enter keystore password:  changeit
Enter key password for <codesigncert>changeit

C:\>more codesigncsr.pem
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBZTCBzwIBADAmMRAwDgYDVQQKEwd0ZWxtb3JlMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBAMkYzu0vrhzNrROwfYFroAPZpBDxBeDVSfr09HZD2dVBe/kD
Hp7CkocGBREH0y3QCDu6stcRMdtGBfGthu9kTrtsgy8vof5S3lKYEOa5weMjQxHFAbL9ss8Ia2Zj
EF0KCUJDzk27AdW01PNmIDs4fXfz76kDWSe3z4hFQvkASRyXAgMBAAGgADANBgkqhkiG9w0BAQQF
AAOBgQCEwuZoaFEliDJdcO83My0tFlqIpBbo9OJCn0kJbQ6yxVb+WJotI4MhnjVdY4S1hIPRbbsf
mWJczmgxFcQzbS7Vn8FddF2euhchIySnSSWVkO8I371iYl601dJ4Vqf9Zb9IQhSeF/iwrJ1P4GEt
gpBBJFXAb8F30M4Ba85k/WKNGw
-----END NEW CERTIFICATE REQUEST-----

C:\>%java_home%\bin\keytool -printcert -v -file codesigncsr.pem

sun.security.pkcs.ParsingException: X509.ObjectIdentifier() -- data isn't an object ID (tag = 48)
        at sun.security.pkcs.PKCS7.parse(PKCS7.java:118)
        at sun.security.pkcs.PKCS7.<init>(PKCS7.java:68)
        at sun.security.provider.X509Factory.parseX509orPKCS7Cert(X509Factory.java:530)
        at sun.security.provider.X509Factory.engineGenerateCertificates(X509Factory.java:407)
        at java.security.cert.CertificateFactory.generateCertificates(CertificateFactory.java:511)
        at sun.security.tools.KeyTool.doPrintCert(KeyTool.java:1021)
        at sun.security.tools.KeyTool.doCommands(KeyTool.java:539)
        at sun.security.tools.KeyTool.run(KeyTool.java:124)
        at sun.security.tools.KeyTool.main(KeyTool.java:118)
Caused by: java.io.IOException: X509.ObjectIdentifier() -- data isn't an object ID (tag = 48)
        at sun.security.util.ObjectIdentifier.<init>(ObjectIdentifier.java:134)
        at sun.security.util.DerInputStream.getOID(DerInputStream.java:250)
        at sun.security.pkcs.ContentInfo.<init>(ContentInfo.java:117)
        at sun.security.pkcs.PKCS7.parse(PKCS7.java:136)
        at sun.security.pkcs.PKCS7.parse(PKCS7.java:115)
        ... 8 more
keytool error: java.lang.Exception: Failed to parse input

When I execute the java program I get the following exception:

nested exception is:
      javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Certificate chaining error


Please help me with getting the VM to accept the certification (so that I can execute the program ).
Start Free Trial
[+][-]01.25.2008 at 01:58PM PST, ID: 20746720

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 7-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]01.30.2008 at 01:51AM PST, ID: 20775815

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]01.30.2008 at 05:58AM PST, ID: 20776992

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]01.30.2008 at 06:18AM PST, ID: 20777127

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 7-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]02.15.2008 at 08:36AM PST, ID: 20903325

View this solution now by starting your 7-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

 

About this solution

Zones: Secure Socket Layer (SSL) & HTTPS, Java Programming Language, Eclipse
Tags: Java, JDK 1.4.2_16
Sign Up Now!
Solution Provided By: mhci_nne
Participating Experts: 1
Solution Grade: A
 
 
 
Loading Advertisement...
20080716-EE-VQP-32 / EE_QW_2_20070628