David Marsh
2005-04-18 13:08:16 UTC
Hello,
I've created a self signed certificate and added it to both the tomcat keystore and truststore, and the cacerts file in the JRE.
I still get the following error, I tried keytool but ended up using the IBMKeyMan tool as keytool does not seem to fully support PKCS12.
I also set the cert as a trusted CA cert using the IBMKeyMan tool.
This certificate seems fine for browser SSL, (I have to accept the cert as my browser does not know about my local CA server.) but does not work in the demo for the server-server SSL.
Cannot think of anything else to check?
kind regards
David Marsh
Today's Topics:
1. RE: Browser Post - ConsumeResponse query (killian davies)
2. Using SSO... (David Marsh)
3. AW: [SourceID SSO-users] Using SSO... (Jochen Hiller)
4. Re: Using SSO... (David Waite)
----------------------------------------------------------------------
Message: 1
Date: Fri, 15 Apr 2005 14:06:08 +0100
From: "killian davies" <***@Unilever.com>
Subject: RE: [SourceID SSO-users] Browser Post - ConsumeResponse query
To: "'SourceID Users List'" <sso-***@sourceid.org>
Message-ID: <***@pts-004.ps.u1295.unilever.com>
Content-Type: text/plain; charset="us-ascii"
------------------------------
Message: 2
Date: Fri, 15 Apr 2005 12:08:34 -0400
From: "David Marsh" <***@wyeth.com>
Subject: [SourceID SSO-users] Using SSO...
To: <sso-***@sourceid.org>
Message-ID: <***@gv01a67m.gv.us.pri.wyeth.com>
Content-Type: text/plain; charset=US-ASCII
Hello,
The certs that come with the ID-FF 1.2 Java Toolkit 2.0 Beta seem to have expired.
I was working through user guide chapter 2 page 10 and I cannot use SSO and get this error :-
16:40:40,398 INFO [SoapClientSocketFactory] Server is not using a standard trusted CA, looking in local truststore.
16:40:40,476 INFO [SoapClientSocketFactory] Server is not using a standard trusted CA, looking in local truststore.
16:40:40,492 INFO [JSSE14Support] SSL Error getting client Certs
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_aw.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA6275)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275)
at java.io.InputStream.read(InputStream.java:89)
at org.apache.tomcat.util.net.jsse.JSSE14Support.synchronousHandshake(JSSE14Support.java:88)
at org.apache.tomcat.util.net.jsse.JSSE14Support.handShake(JSSE14Support.java:67)
at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:120)
at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1049)
at org.apache.coyote.Request.action(Request.java:361)
at org.apache.coyote.tomcat5.CoyoteRequest.getAttribute(CoyoteRequest.java:929)
at org.apache.coyote.tomcat5.CoyoteRequestFacade.getAttribute(CoyoteRequestFacade.java:214)
at org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:137)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
at java.lang.Thread.run(Thread.java:534)
Caused by: sun.security.validator.ValidatorException: No trusted certificate found
at sun.security.validator.SimpleValidator.buildTrustedChain(SimpleValidator.java:304)
at sun.security.validator.SimpleValidator.engineValidate(SimpleValidator.java:107)
at sun.security.validator.Validator.validate(Validator.java:202)
at sun.security.validator.Validator.validate(Validator.java:171)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkClientTrusted(DashoA6275)
at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkClientTrusted(DashoA6275)
... 33 more
Can I create my own certs? or do they have to be signed by sourceID ?
Are there any instructions on how to do this?
Please help ! :)
regards
David Marsh
------------------------------
Message: 3
Date: Fri, 15 Apr 2005 18:19:05 +0200
From: "Jochen Hiller" <***@gmx.net>
Subject: AW: [SourceID SSO-users] Using SSO...
To: "SourceID Users List" <sso-***@sourceid.org>
Message-ID: <***@gmx.net>
Content-Type: text/plain; charset="us-ascii"
Hi David,
Yes, you are right. Certs in "ID-FF Java Toolkit 2.0 Beta" version have been
timed out.
If you are using self-signed certificates, you also have to make them
available to Java as a trusted certificate. If not, the core SSL classes
will throw the exception as listed below.
Either import the certificate as trusted "keytool -trustcacerts ..." to your
keystore, or import it as certificate into your
$JRE_HOME/lib/security/cacerts file.
HTH, Jochen
------------------------------
Message: 4
Date: Fri, 15 Apr 2005 10:23:56 -0600
From: David Waite <***@akuma.org>
Subject: Re: [SourceID SSO-users] Using SSO...
To: SourceID Users List <sso-***@sourceid.org>
Message-ID: <0C390A13-ACB8-4DAD-85C7-***@akuma.org>
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
You are very strongly (what is a stronger word for strongly?)
recommended to not use the SourceID demo certificates for anything
beyond demonstration use, as those are publicly distributed - anyone
who recognizes you use those certs can generate any 'trusted' message
they like.
The java keytool is the recommended way to generate new certs; you
need self-signed certificates. The final release of the toolkit (due
shortly) will contain new certificates for the demo application.
-David Waite
_______________________________________________
sso-users mailing list
sso-***@sourceid.org
http://lists.sourceid.org/mailman/listinfo/sso-users
End of sso-users Digest, Vol 14, Issue 3
****************************************
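The keytool route that Jochen Hiller and David Waite describe, as an added example that is not part of the original thread: it generates a self-signed identity, exports the public certificate, imports it into the peer's truststore, and confirms by fingerprint that the store holds it as a trusted entry. The aliases, DN, file names and password are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the thread. Aliases, DN, file names and the
# password below are constructed for the demo.
PASS=demo-changeit
KT="keytool -J-Duser.language=en"   # English output keeps the parsing stable

# make_identity KEYSTORE ALIAS DN CERT_OUT
# Generate a self-signed key pair, then export only the public certificate.
# (Older JDKs spell these options -genkey, -export and -import.)
make_identity() {
    $KT -genkeypair -alias "$2" -dname "$3" -keyalg RSA -keysize 2048 \
        -validity 365 -keystore "$1" -storepass "$PASS" -keypass "$PASS" \
        >/dev/null 2>&1 &&
    $KT -exportcert -rfc -alias "$2" -keystore "$1" -storepass "$PASS" \
        -file "$4" >/dev/null 2>&1
}

# trust_cert TRUSTSTORE ALIAS CERT
# Import the peer's certificate as a trustedCertEntry (creates the store).
trust_cert() {
    $KT -importcert -noprompt -alias "$2" -file "$3" \
        -keystore "$1" -storepass "$PASS" >/dev/null 2>&1
}

# cert_fingerprints CERT -> every fingerprint keytool prints for the file
cert_fingerprints() {
    $KT -printcert -file "$1" 2>/dev/null |
        grep -Eo '([0-9A-F]{2}:){15,}[0-9A-F]{2}'
}

# trusted_fingerprints STORE -> fingerprint of each trustedCertEntry
trusted_fingerprints() {
    $KT -list -keystore "$1" -storepass "$PASS" 2>/dev/null |
        awk '/trustedCertEntry/ {t=1; next} /PrivateKeyEntry/ {t=0; next}
             t && /fingerprint/ {print $NF; t=0}'
}

# is_trusted STORE CERT -> exit 0 only if CERT is a trusted entry in STORE.
# Matching is by fingerprint, so a different alias does not hide a mismatch.
is_trusted() {
    anchors=$(trusted_fingerprints "$1")
    [ -n "$anchors" ] || return 1
    for fp in $(cert_fingerprints "$2"); do
        printf '%s\n' "$anchors" | grep -qxF "$fp" && return 0
    done
    return 1
}

# entry_type STORE ALIAS -> trustedCertEntry | PrivateKeyEntry | missing
entry_type() {
    $KT -list -alias "$2" -keystore "$1" -storepass "$PASS" 2>/dev/null |
        grep -Eo 'trustedCertEntry|PrivateKeyEntry' | head -n 1 | grep . ||
        echo missing
}

# demo: one side ("sp") gets an identity, the other side's truststore
# ("idp.truststore") is checked before and after the import.
demo() {
    d=$(mktemp -d) || return 1
    make_identity "$d/sp.keystore" sp "CN=sp.example.test" "$d/sp.pem" ||
        return 1
    if is_trusted "$d/idp.truststore" "$d/sp.pem"
    then before=trusted; else before=untrusted; fi
    trust_cert "$d/idp.truststore" sp-peer "$d/sp.pem" || return 1
    if is_trusted "$d/idp.truststore" "$d/sp.pem"
    then after=trusted; else after=untrusted; fi
    echo "before=$before after=$after" \
         "keystore=$(entry_type "$d/sp.keystore" sp)" \
         "truststore=$(entry_type "$d/idp.truststore" sp-peer)"
    rm -rf "$d"
}

if command -v keytool >/dev/null 2>&1; then
    demo
else
    echo "keytool (JDK) not found on PATH" >&2
fi
```

The trace in the thread fails in `checkClientTrusted`, so the store that matters is the truststore of the side validating the client certificate. An import only takes effect if that file is the one the running JVM loads: the `javax.net.ssl.trustStore` system property when set, otherwise `jssecacerts` or `cacerts` under `lib/security`.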