
Java and JavaScript in the Database


How to configure JVM to work with "Extended Validation" certificates?

509410 Mar 19 2009 — edited Apr 28 2009
We have developed an HTTPS-Client as a JavaStoredProcedure (Oracle 10g DB 10.2.0.3) which works very well. Soon our service-provider will replace his old certificates with "extended validation certificates for SSL" from Verisign. Our Provider told us to import two relevant Root-CA's.

We're now facing some issues with these EV-certificates:

Standalone app (using JDeveloper 10.1.3.4):
Using JDK1.4 (our target because of db-dependency)
a. Using JDK1.4 with original keystore
=> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found

b. Using JDK1.4 with keystore and imported root-ca's
=> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: Certificate chaining error

Using JDK1.5 (tested out of curiosity)
c. Using JDK1.5 with original keystore
=> SUCCESS

d. Using JDK1.5 with keystore and imported root-ca's
=> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: subject/issuer name chaining check failed

---------
Now we changed the property ssl.TrustManagerFactory.algorithm from SunX509 to SunPKIX (File: java.security for JDK1.4 because this is our target-JVM).
a. Using JDK1.4 with original keystore
=> SUCCESS

b. Using JDK1.4 with keystore and imported root-ca's
=> javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: subject/issuer name chaining check failed
---------
After this experience we changed the database's java.security-file to SunPKIX (path: /ORACLE/u01/app/oracle/product/10.2.0.3/javavm/lib/security) and rebooted our db. But unfortunately it does not work!! Our JavaStoredProcedure throws the following exception:
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificate chaining error: issuer DN != subject DN
Oops... Tracing all file access to the java.security-file I found out that it is never accessed by the database (!?)... so this explains why it won't work, but it raises another question for me: why is this file ignored by the Oracle JVM?

What's wrong here? Have I missed something relevant?

TIA,
Ted

Edited by: TedChen on Mar 20, 2009 10:55 AM
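
A diagnostic for the situation described in the post above, added here as an example and not part of the original post or of any Oracle code: it prints the `ssl.TrustManagerFactory.algorithm` value the running JVM actually sees, requests the `SunPKIX` trust manager explicitly, and logs the server's chain with the first subject/issuer name mismatch before delegating the trust decision unchanged. The class name `TrustDiag`, the three command-line arguments and the port 443 are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added diagnostic; names and arguments are assumptions. No generics, so it fits a JDK 1.4 target.
// It only performs a handshake: no hostname check is done and no application data is sent.
public class TrustDiag {
    // Index of the first certificate whose issuer is not the subject of the next one, or -1.
    static int firstChainBreak(X509Certificate[] chain) {
        for (int i = 0; i + 1 < chain.length; i++) {
            if (!chain[i].getIssuerX500Principal().equals(chain[i + 1].getSubjectX500Principal())) return i;
        }
        return -1;
    }

    // args: <truststore path> <truststore password> <host>
    public static void main(String[] args) throws Exception {
        // What this JVM really uses, whichever java.security file exists on disk.
        System.out.println("security property: " + Security.getProperty("ssl.TrustManagerFactory.algorithm"));
        System.out.println("default algorithm: " + TrustManagerFactory.getDefaultAlgorithm());
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream in = new FileInputStream(args[0]);
        try { ks.load(in, args[1].toCharArray()); } finally { in.close(); }
        // Request the PKIX validator by name instead of relying on the property.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunPKIX");
        tmf.init(ks);
        final X509TrustManager pkix = (X509TrustManager) tmf.getTrustManagers()[0];
        // Logs what the server sent, then lets the real trust manager decide.
        X509TrustManager logging = new X509TrustManager() {
            public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
                for (int i = 0; i < chain.length; i++) {
                    System.out.println(i + " subject=" + chain[i].getSubjectX500Principal()
                            + " | issuer=" + chain[i].getIssuerX500Principal());
                }
                System.out.println("first name-chaining break at index: " + firstChainBreak(chain));
                pkix.checkServerTrusted(chain, authType);
            }
            public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { pkix.checkClientTrusted(c, a); }
            public X509Certificate[] getAcceptedIssuers() { return pkix.getAcceptedIssuers(); }
        };
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { logging }, null);
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[2], 443);
        try { s.startHandshake(); System.out.println("handshake OK"); } finally { s.close(); }
    }
}
```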
Post Details
Locked on May 26 2009
Added on Mar 19 2009