Friday, November 13, 2009

BEA-090477 weblogic user specified trustmanager validation status 16

I have an application that connects to a vendor using an HTTPS URL connection. This app was working fine in WLS 8.1. I recently had to change this for Oracle 10.3. The app got recompiled with the new JDK and all of a sudden I was getting this error.

Searching through Oracle and Google did not result in any solution. After trying several ways to redo the connection and debugging with SSL debug turned on, I ran into an illegal key size issue. The server certificate is from VeriSign. I remember we had a similar issue with certificates earlier and searched in Google for this specific information. Luckily someone had a document about this here on this web site:
http://www.java-answers.com/index.php?topic=22.0

I downloaded the policy files from Sun, and voilà, everything worked fine after that. The "readme" of the policy files explains that this policy is unrestricted but the default one is restricted.

Link to the JDK1.6 policy file:
https://cds.sun.com/is-bin/INTERSHOP.enfinity/WFS/CDS-CDS_Developer-Site/en_US/-/USD/ViewProductDetail-Start?ProductRef=jce_policy-6-oth-JPR@CDS-CDS_Developer

I am not sure why this is not properly documented or published. The irony is that it worked fine in WebLogic 8.1 and I did not even suspect the new JDK policy files as a problem. I have other clients using the same version that are working fine (the only difference here is that these certificates are from Entrust).

Another side note: the development servers that I was connecting from only have a demo certificate configured for incoming connections. (Mine is outgoing; I didn't think it matters but thought of mentioning it as so many factors are involved in creating this error.)

Hope this helps someone if they run into the same issue.

(Update: I found that the security policy files need to be in both the JRockit and JDK folders even though I only use JRockit to run my server. Also, the production servers where my 8.1 version of the code worked had the right policy to begin with. I synced up the policy files from production to test to keep them consistent. But the error is related to the unlimited encryption policy files.)
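
A quick way to confirm which policy a given JVM actually loaded, as an added example that is not part of the original post (the class name `JcePolicyCheck` is hypothetical). Run it once with each `java` binary on the host, JRockit and the Sun JDK alike, since each installation loads its own policy files:

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;

// Added diagnostic; the class name JcePolicyCheck is hypothetical.
public class JcePolicyCheck {
    // Algorithms whose key size the default (restricted) policy limits.
    static final String[] PROBES = {"AES", "RC4", "Blowfish"};

    // Integer.MAX_VALUE means the unlimited strength policy is in effect.
    static boolean isCapped(String algorithm) throws NoSuchAlgorithmException {
        return Cipher.getMaxAllowedKeyLength(algorithm) != Integer.MAX_VALUE;
    }

    // TLS suites using 256-bit AES that the default JSSE context reports as supported.
    static List<String> aes256Suites() throws NoSuchAlgorithmException {
        List<String> suites = new ArrayList<String>();
        for (String s : SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites()) {
            if (s.contains("AES_256")) {
                suites.add(s);
            }
        }
        return suites;
    }

    public static void main(String[] args) throws Exception {
        // java.home identifies which installation's policy files were loaded.
        System.out.println("java.home    = " + System.getProperty("java.home"));
        System.out.println("java.vendor  = " + System.getProperty("java.vendor"));
        System.out.println("java.version = " + System.getProperty("java.version"));

        boolean restricted = false;
        for (String alg : PROBES) {
            int max = Cipher.getMaxAllowedKeyLength(alg);
            restricted |= isCapped(alg);
            System.out.println(alg + " max key bits = "
                    + (max == Integer.MAX_VALUE ? "unlimited" : String.valueOf(max)));
        }
        System.out.println("AES_256 suites supported: " + aes256Suites());
        System.out.println(restricted
                ? "RESULT: restricted policy in effect for this JVM"
                : "RESULT: unlimited strength policy in effect for this JVM");
        // Non-zero exit lets a deployment script flag the host.
        System.exit(restricted ? 1 : 0);
    }
}
```

Comparing the output between test and production hosts shows a policy mismatch before it surfaces as an SSL handshake failure.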
