× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. JAVA400-L
  3. November 2007

RE: SSL in Java

David --

I think the problem is that os400.certificateLabel limits you to a
particular certificate, not a particular CA certificate. The intended use
of that property is to allow you to select what certificate you'll be using
for outbound transmissions. Since, in your application, you're not sending
a certificate back to the server, I'd remove that property.

Then, I would rerun with the settings that I suggested before:


-Djavax.net.debug=ssl:handshake:verbose:defaultctx:sslctx:keymanager:trustma
nager

And see what the log looks like. You might also try adding :data to the end
of the above string and the trace should show the hex dump of each handshake
message which we can then decipher.

Gary

-----Original Message-----
From: java400-l-bounces@xxxxxxxxxxxx [mailto:java400-l-
bounces@xxxxxxxxxxxx] On Behalf Of David Gibbs
Sent: Monday, November 12, 2007 8:43 AM
To: Java Programming on and around the iSeries / AS400
Subject: Re: SSL in Java

David Gibbs wrote:
I've made a bit of progress ... although I'm not really happy with
the
way I had to do it.

A bit more information ...

I reverted the java.security file in the JVM directory back to it's
original.

When I imported my CA's cert into the DCM, I gave it a label of
'TESTCA'.

When I run my test program, I set the property os400.certificateLabel
to
'TESTCA' ... and got the following error: javax.net.ssl.SSLException:
No
certificate is available for SSL processing.

The SSL trace included this:
sslctx: Keyring name = *SYSTEM
sslctx: Keyring label = TESTCA

Am I getting closer?

david

--
System i ... for when you can't afford to be out of business
--
This is the Java Programming on and around the iSeries / AS400
(JAVA400-L) mailing list
To post a message email: JAVA400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/java400-l
or email: JAVA400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/java400-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.