Java Security

KeyUsage does not allow digital signatures

859590 May 4 2011 — edited May 8 2011
Hello,

I'm getting the "security: KeyUsage does not allow digital signatures" error (in the Java log) when trying to authenticate our web-based Java app using a smart card (CAC). The smart card authentication works fine on one test system, but not the other. Both are using the same 'certificate' (we believe). Both have the same IIS 6.0 settings, and same Java setting...as well as IE browser settings.

Visually, the symptom presents itself via the Sun Java login prompt when clicking the link to load the Java app. We have an ASP client that works fine. Only our Java app is asking for re-authentication. If we manually type the credentials of a system admin, it loads the applet fine. What I can't figure out is, "Why are we getting prompted for a log-in to begin?"

Note: We have verified (via IIS logs) that IIS authentication is successful, yet we are still prompted.

Here is a snippet of the java log: ----------------------------------

security: Checking if SSL certificate is in Deployment permanent certificate store
security: KeyUsage does not allow digital signatures
Exception in thread "HandshakeCompletedNotify-Thread" java.util.ConcurrentModificationException
at java.util.HashMap$HashIterator.nextEntry(Unknown Source)
at java.util.HashMap$EntryIterator.next(Unknown Source)
at java.util.HashMap$EntryIterator.next(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl$NotifyHandshakeThread.run(Unknown Source)
network: Firewall authentication: site=sditap10086.afsac.wpafb.af.mil/134.136.33.21:443, protocol=https, prompt=, scheme=ntlm
java.io.IOException: Server returned HTTP response code: 401 for URL: https://sditap10086.afsac.wpafb.af.mil/report.web/ASP/insight-inpage.jar
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)

Any clues?
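
An added diagnostic example, not part of the original post: it prints the subject, serial, SHA-256 fingerprint and KeyUsage bits of certificates exported from each system, so the "same certificate" belief and the digitalSignature bit can be checked directly. The class name, the file-path arguments and the sample arrays are made up for illustration, and it is an assumption that the log message refers to the digitalSignature bit of the X.509 KeyUsage extension.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;

public class KeyUsageCheck {
    // Bit order of the X.509 KeyUsage extension (RFC 5280, 4.2.1.3); this is
    // also the index order of the array X509Certificate.getKeyUsage() returns.
    static final String[] BITS = {"digitalSignature", "nonRepudiation",
        "keyEncipherment", "dataEncipherment", "keyAgreement", "keyCertSign",
        "cRLSign", "encipherOnly", "decipherOnly"};

    // Describe a KeyUsage array; null means the certificate has no KeyUsage
    // extension, so the extension itself restricts nothing.
    static String describe(boolean[] ku) {
        if (ku == null) return "no KeyUsage extension (unrestricted)";
        List<String> set = new ArrayList<>();
        for (int i = 0; i < ku.length && i < BITS.length; i++)
            if (ku[i]) set.add(BITS[i]);
        boolean sig = ku.length > 0 && ku[0];
        return set + (sig ? " -> digitalSignature allowed"
                          : " -> digitalSignature NOT allowed");
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 0) {
            // Constructed sample values, not taken from any real certificate.
            System.out.println(describe(new boolean[] {true, false, true}));
            System.out.println(describe(new boolean[] {false, true, false}));
            System.out.println(describe(null));
            return;
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        for (String path : args) {   // DER or PEM file exported on each system
            try (InputStream in = new FileInputStream(path)) {
                X509Certificate c = (X509Certificate) cf.generateCertificate(in);
                String fp = String.format("%064x",
                    new BigInteger(1, sha256.digest(c.getEncoded())));
                System.out.println(path + "\n  subject: " + c.getSubjectX500Principal()
                    + "\n  serial: " + c.getSerialNumber().toString(16)
                    + "\n  sha256: " + fp
                    + "\n  keyUsage: " + describe(c.getKeyUsage()));
            }
        }
    }
}
```

Run with no arguments it prints the three constructed cases; run with one exported certificate file per system, differing fingerprints or KeyUsage lines show that the two systems are not presenting the same certificate.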
Locked on Jun 5 2011
Added on May 4 2011