Ok, I'm forking this thread a bit ... because the thread nesting was
getting pretty distracting.

I've made a bit of progress ... although I'm not really happy with the
way I had to do it.

I got my test java app to talk to a my SSL server ... but I had to make
some modifications to the global java config that are fairly
unacceptable (especially since this is going to be used on a customers

In the /QIBM/Proddata/java400/jdk14/lib/security/java.security file, I
made the following modifications:

1. I added 'com.ibm.jsse.IBMJSSEProvider' as a security provider and
moved it to the top of the list. When it was at position 8 I still got
the cipher error.

# List of providers and their preference orders (see above):
# commented out by dmg 11/9/07
# added by dmg 11/9/07


2. I changed the ssl socketfactory providers to be the JSSE versions.

# commented out by dmg 9/11/07



# added by dmg 9/11/07





I *THINK* that this configuration is using the
/QIBM/ProdData/Java400/jdk14/lib/security/jssacacerts file to pick up my
CA certificate.

The test program works fine when I run it with a secofr profile ... but
when I run it with a normal programmer profile, I get
javax.net.ssl.SSLHandshakeException: unknown certificate :(


Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2015 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact