Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

javax.net.ssl.SSLHandshakeException: Error signing certificate verify

843811Aug 3 2009 — edited Aug 10 2009
Hello All,

I am getting error (javax.net.ssl.SSLHandshakeException: Error signing certificate verify)

Please look at Below code fragment
I am trying to connect a server(Client SSL enabled), for which i have a SSL certificate.
I am able to get handle to the private key of this certificate(Certificate is in smart card), which i am returning from getPrivateKey() method. And all other methods works fine... like returning certificate chain etc.


Can any one please resolve why i am getting this error. 
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());		
		KeyStoreUtil objKU = new KeyStoreUtil();
		KeyStore keyStore = objKU.getKeyStoreInstance(); //Will return keystore(I have my own provider)

		keyManagerFactory.init(keyStore, null);		
		KeyManager[] keyManagers = keyManagerFactory.getKeyManagers();

	     for (int i = 0; i < keyManagers.length; ++i)
	      {
		keyManagers[i] = new EX509KeyManager((X509KeyManager)keyManagers, "AliasName");

	}		

//Using this key manager i have created SSLContext object.

//Using KeyStore I am able to get private Key handle


static class EX509KeyManager implements X509KeyManager

{

private X509KeyManager B;

private String A;



public EX509KeyManager(X509KeyManager keyManager, String alias)

{

this.B = keyManager;

this.A = alias;

}



public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket)

{

return this.A;

}



public String chooseServerAlias(String keyType, Principal[] issuers, Socket socket)

{

return this.B.chooseServerAlias(keyType, issuers, socket);

}



public X509Certificate[] getCertificateChain(String alias)

{

return this.B.getCertificateChain(alias);

}



public String[] getClientAliases(String keyType, Principal[] issuers)

{

return this.B.getClientAliases(keyType, issuers);

}



public PrivateKey getPrivateKey(String alias)

{

return this.B.getPrivateKey(alias);

}



public String[] getServerAliases(String keyType, Principal[] issuers)

{

return this.B.getServerAliases(keyType, issuers);

}

}
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Sep 7 2009
Added on Aug 3 2009
#java-secure-socket-extension-jsse
21 comments
10,983 views