Path: newssvr20.news.prodigy.com!newsmst01.news.prodigy.com!prodigy.com!news-out.triton.net!triton.net!newsfeeder.triton.net!news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!newsfeed.icl.net!newsfeed.fjserv.net!newsfeed.icl.net!newsfeed.fjserv.net!skynet.be!skynet.be!newshub1.home.nl!home.nl!not-for-mail
From: Frank <fbortel@home.nl>
Newsgroups: comp.databases.oracle.server
Subject: Re: Jinitiator and ssl: SSL handshake failed
Date: Tue, 11 Nov 2003 23:20:51 +0100
Organization: @Home Benelux
Lines: 56
Message-ID: <bormt1$i47$1@news1.tilbu1.nb.home.nl>
References: <680c3066.0311110714.7ddf23cd@posting.google.com>
Reply-To: fbortel@nescape.net
NNTP-Posting-Host: cc28855-a.hnglo1.ov.home.nl
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: news1.tilbu1.nb.home.nl 1068588770 18567 217.121.193.81 (11 Nov 2003 22:12:50 GMT)
X-Complaints-To: abuse@home.nl
NNTP-Posting-Date: Tue, 11 Nov 2003 22:12:50 +0000 (UTC)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.4) Gecko/20030624 Netscape/7.1 (ax)
X-Accept-Language: en-us, en
In-Reply-To: <680c3066.0311110714.7ddf23cd@posting.google.com>
Xref: newssvr20.news.prodigy.com comp.databases.oracle.server:247475

Joop Gijsbers wrote:

> For a client i need an ssl connection ; i got the certificate and
> implemented it.
> 
> Normal ssl connections works fine, but connections with Oracle
> Jinitiator gives problems: SSL handshake failed error.:
> 
> Opening https://[url]/forms60java/f60all_jinit.jar no
> proxyjavax.net.ssl.SSLException: SSL handshake failed:
> X509CertChainIncompleteErr	at
> oracle.security.ssl.OracleSSLSocketImpl.startHandshake(OracleSSLSocketImpl.java)	at
> oracle.jinitiator.protocol.https.HttpsClient.doConnect(HttpsClient.java:128)	at
> sun.net.www.http.HttpClient.openServer(HttpClient.java:272)	at
> sun.net.www.http.HttpClient.openServer(HttpClient.java:344)	at
> sun.net.www.http.HttpClient.<init>(HttpClient.java:212)	at
> sun.net.www.http.HttpClient.<init>(HttpClient.java:216)	at
> sun.plugin.protocol.http.HttpClient.<init>(HttpClient.java:58)	at
> oracle.jinitiator.protocol.https.HttpsClient.<init>(HttpsClient.java:36)	at
> oracle.jinitiator.protocol.https.HttpsClient.New(HttpsClient.java:52)	at
> sun.plugin.protocol.http.HttpURLConnection.connect(HttpURLConnection.java:109)	at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(Compiled
> Code)	at sun.net.www.protocol.http.HttpURLConnection.openConnectionCheckRedirects(Compiled
> Code)	at sun.applet.JARCache.beginStoring(JARCache.java:425)	at
> sun.applet.AppletResourceLoader.loadJar(AppletResourceLoader.java:215)	at
> sun.applet.JinitAppletPanel.loadJarFiles(Compiled Code)	at
> sun.plugin.AppletViewer.loadJarFiles(Compiled Code)	at
> sun.applet.JinitAppletPanel.runLoader(JinitAppletPanel.java:580)	at
> sun.applet.JinitAppletPanel.run(Compiled Code)	at
> java.lang.Thread.run(Thread.java:466)
> 
> I looked at Metalink, and got a note - 147836.1, How to make
> Jinitiator work with Apache with SSL (HTTPS). But the solution in that
> note - modifications in the certdb.txt in in Program
> Files\oracle\Jinitiator 1.1.8.x\lib\security on the client does not
> work.
> 
> Anyone a clue? Thanks.
> 
> Jinitiator version: 1.1.8.16
> Oracle Ias: 9i Release 1 (v1.0.2.2.2a) for Windows NT/2000
Let me guess - you have a certificate from Verisign?

Then you only have half the certificate - the other half
is built in into most browsers.
Get a HTML page with the certificate, view it, and export
the master (other half) certificate - that's the
X509Incomplete error you get.

Then you have to do some extra X509 configs, which I'm
not familiar with for JInitiator.

Could give you the 9iAS settings tho, if interested.
-- 
Regards, Frank van Bortel

