--
Chad La Joie
http://itumi.biz
trusted identities, delivered
Is there something unusual about the hostname your box reports?
You can usually avoid using keystores with most containers and just use PKCS12 as a keystore "type", so you could try generating a keypair yourself and then convert that into PKCS12 with openssl for Java SSL use.
-- Scott
--
Yes, I was suggesting starting over with a different key pair with a subject he controls. I can't think what else could break it but something about the cert content.
Since it's deriving the hostname on the fly from the box, my guess would be something's off about it.
-- Scott
On 2/18/11 9:51 AM, David Hatanian wrote:
> OK, it was an openjdk6 issue. I installed the sun JRE and my IdP is now up
> and running.
> Thank you for your help Chad and Scott !
>
> David
>
> 2011/2/18 David Hatanian <dhat...@octo.com>
>
>> It seems to be an environment problem. I got the piece of code below
>> working on my Windows dev environment and my Ubuntu virtual server, and the
>> exception is thrown only on Ubuntu. So I'm thinking :
>>
>> - Difference in text handling between OSes
>> - Difference in SSL library versions
>> - Difference in the JVM versions
>>
>> As for the jar dependencies, I used the same in both environments (copied
>> from the IdP lib folder).
>>
>> Here is the code I ran :
>>
>> package edu.internet2.middleware.shibboleth.common.config.security;
>> import java.security.cert.CertificateException;
>> import
>> edu.internet2.middleware.shibboleth.common.config.security.FilesystemX509CredentialBeanDefinitionParser;;
>>
>> public class TestParseCert {
>> public static void main(String[] args) throws CertificateException{
>> FilesystemX509CredentialBeanDefinitionParser p = new
>> FilesystemX509CredentialBeanDefinitionParser();
>>
>> org.opensaml.xml.security.x509.X509Util.decodeCertificate(p.getEncodedCertificate("idp.crt.pem"));
>> }
>> }
>>
>>
>> 2011/2/17 Cantor, Scott E. <cant...@osu.edu>
>>
>>> The stacktrace he gave isn't from the reading of the JKS file but the
>>>> PEM encoded key/cert file. So that won't fix it.
>>>
>>> Yes, I was suggesting starting over with a different key pair with a
>>> subject he controls. I can't think what else could break it but something
>>> about the cert content.
>>>
>>> Since it's deriving the hostname on the fly from the box, my guess would
>>> be something's off about it.
>>>
>>> -- Scott
>>>
>>>
>>
>
--
java version "1.6.0_20"OpenJDK Runtime Environment (IcedTea6 1.9.2) (6b20-1.9.2-0ubuntu1)OpenJDK Client VM (build 19.0-b09, mixed mode, sharing)
On 2/18/11 9:56 AM, David Hatanian wrote:
> The *java -version* says :