Cacerts compatibility with java versions

Question

I am generating cacerts using JDK1.6 keytool.

Then I am using this cacerts file using JRE1.7, but I get exception like :

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
        at sun.security.ssl.Alerts.getSSLException(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
        at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
        at sun.security.ssl.Handshaker.processLoop(Unknown Source)
        at sun.security.ssl.Handshaker.process_record(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
        at com.sun.identity.setup.OpenSSOConfigurator.main(OpenSSOConfigurator.java:172)
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
        at sun.security.validator.PKIXValidator.doValidate(Unknown Source)
        at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
        at sun.security.validator.Validator.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.validate(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown Source)
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
        ... 12 more
Caused by: java.security.cert.CertPathValidatorException: signature check failed
        at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(Unknown Source)
        at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(Unknown Source)
        at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(Unknown Source)
        at java.security.cert.CertPathValidator.validate(Unknown Source)
        ... 18 more
Caused by: java.security.SignatureException: Signature does not match.
        at sun.security.x509.X509CertImpl.verify(Unknown Source)
        at sun.security.provider.certpath.BasicChecker.verifySignature(Unknown Source)
        at sun.security.provider.certpath.BasicChecker.check(Unknown Source)
        ... 22 more
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
        at sun.security.ssl.Alerts.getSSLException(Unknown Source)
        at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
        at sun.security.ssl.Handshaker.fatalSE(Unknown Source)2015-01-07 19:22:02 IST - ERROR: Problems - bootstrap file not created

Is this compatibility issue? Are cacerts generated using one version of java not compatible with another version of java?

Ortomala Lokni · Accepted Answer

As already explained in another answer

The answer to your problem is you are using SUN as your keystore provider java 6 was released prior to oracle purchasing SUN and java 7 was released after and many of the Sun packages are now deprecated.

For full details read the official documentation: Java Cryptography Architecture Oracle Providers Documentation for Java Platform Standard Edition 7

Cacerts compatibility with java versions

Answers (1)

Related Questions