Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsWhite Papers
Discussion GroupsFirst AidDatabasesJavaBeansGUIJava 3DVirtual MachineCORBASecurityToolsGeneral
Java DirectoryOpen Source ProjectsSample Book ChaptersUser GroupsWeb Resources
Related Topics
Databases.NETMore Topics ...
Java Forum / Security / November 2006

Tip: Looking for answers? Try searching our database.

JCE 1.2.2 - "Cannot set up certs for trusted CAs"

Thread view: 
Enable EMail AlertsStart New Thread
nishant80@gmail.com - 24 Oct 2006 15:34 GMT
Hi,

I am using JCE 1.2.2 for one of my applications and got the following
error today:

Exception in thread "main" java.lang.ExceptionInInitializerError:
java.lang.SecurityException: Cannot set up certs for

trusted CAs

I had got a similar error last year (Jul 2005) when I was using JCE
1.2.1
That time, I had come to know that the JCE 1.2.1 Signing Certificate
was supposed to expire on July 27, 2005

(http://java.sun.com/products/jce/index-122.html)

Hence, as per the recommendation from java.sun.com, I had upgraded JCE
to 1.2.2 which solved the problem.

The JCE 1.2.2 FAQ (http://java.sun.com/products/jce/jce122_faq.html)
says:
"The validation code which checked for certificate expiration was
*ONLY* used in JCE 1.2.1. The validity period check *WAS REMOVED* from
JCE 1.2.2 and all successive J2SE releases. Hence these JCE versions do
not check the expiration date, and will not stop working after the
certificate validity period has expired."

But to my surprise, today (Oct 23, 2006) I got the same error as last
year.
I am now clueless as to how this can be fixed. Does JCE 1.2.2 have a
BUG?

Ideas/Suggestions/Solutions are most welcome. Please advise.

Thnx,
Nishant
Reply to this Message
CabinTrips.com - 25 Oct 2006 14:46 GMT
We're having the same issue. Please let me know if you find a
fix/workaround.

Thanks,
Julian
> Hi,
>
[quoted text clipped - 33 lines]
> Thnx,
> Nishant
Reply to this Message
CabinTrips.com - 25 Oct 2006 15:59 GMT
Have you verified that you don't have both jce1_2_1.jar and
jce1_2_2.jar in the same directory? I know the Sun site doesn't
specify, but this may cause problems. Seems to have fixed it for us.
However, I did see an interesteing post:

http://archives.java.sun.com/cgi-bin/wa?A2=ind0609&L=java-security&F=&S=&P=2225

but couldn't verify the expiratation date with:
jarsigner -verify -certs -verbose jce1_2_2.jar

Good luck!
Julian

> Hi,
>
[quoted text clipped - 33 lines]
> Thnx,
> Nishant
Reply to this Message
nishant80@gmail.com - 03 Nov 2006 13:55 GMT
Hi Julian,

Yes, that was the exact cause of this problem! -- came to know abt it
wen the SUN support guys replied to my query.

On my server, there were 2 older JCE libraries:
1) SUN JCE 1.2.1 and
2) IBM JCE

I removed the old libraries and it solved the problem.

I also had gone thru the link provided by you on the SUN website which
enforced my belief that 1.2.2 certificate would not expire ever.

Looks like we went about solving our problems in the exact same manner
:)

Thank you for replying to my query and then doing the follow-up.

Nishant.
Reply to this Message


Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.