This is legacy problem left over from the stupid restrictions on exporting
encryption software from the United States.
You will have to go to http://java.sun.com/products/jsse/ and download the
latest version (i think it's 1.0.2) that's NOT FOR U.S. EXPORT. This
version will support 128bit encryption. Please read the installation
instructions as you will have to made some modifications to
$JAVA_HOME/jre/lib/security/java.security.
You -->MIGHT<-- need to create a new keystore and regenerate your
certificate request and run through the whole process again.
Read the instructions on orionserver.com howto carefully.
People on this list have gotten Orion to work with Verisign's Netscape
128bit certificate and thwate's 128bit SuperCert (or Super-something
err-rather).
cheers,
sach
On 10 Jan 2001, mohan krishna wrote:
> Hi all...
> i want to implement 128bit cert to my application but i am not sure that
> whether orion can support 128 bit with its default jsse...
> if doesn't which jsse we have to download and what r the steps i have to
> follow...
> when i am trying to installing the 128bit certificate it is giving the
> following error
> keytool error:java.security.cert.certificateException:unsupported encoding...
> i am not sure that is the problem with orion or with jsse...
> what the steps i have to follow to make orion to use 128bit...
>
> any help is appreciated...
> thankz
> mohan
>
>
>
> Sach Jobb <[EMAIL PROTECTED]> wrote:
> No problem.
>
> Well, other have got the Thawte SuperCert working before so i think you
> are in good shape.
>
> I'm not sure if this is the cause of your error message, but the version
> of the JSSE that comes with orion will only do 40bit encryption so you
> will have to go to http://java.sun.com/products/jsse/ and download the
> 1.0.2 NOT FOR U.S. EXPORT version. This version will support 128bit
> encryption. Simply follow the instructions that come with the download to
> install.
>
> You will _might_ have to regenerate your certificate request.
>
> good luck,
> sach
>
>
> On Tue, 9 Jan 2001, Klaus Thiele wrote:
>
> > thanks for responding.
> >
> > it's a "Thawte SuperCert" (128 bit(?))
> > i'm using the JSSE that comes with orion.
> >
> > thanks
> > klaus
> >
> > Sach Jobb wrote:
> >
> > > 128bit is a try-your-luck situation. I got it to work with the verisign
> > > netscape 128bit and i heard someone on the list say that they got the
> > > "supercert" (or something like that) with thawte to work too.
> > >
> > > Sounds like it can't read the keystore, but i think that's a different
> > > error message. Klaus, can you give us more info on the type of cert you
> > > have, which version of the JSSE you are using, etc?
> > >
> > > thanks,
> > > sach
> > > %s/windows/linux/g
> > >
> > > On Tue, 9 Jan 2001, Juan Lorandi (Chile) wrote:
> > >
> > >
> > >> won't it be a 128 bit certificate.... which orion can't
> handle........won't
> > >> it?
> > >>
> > >> JP
> > >>
> > >> -----Original Message-----
> > >> From: Klaus Thiele [mailto:[EMAIL PROTECTED]]
> > >> Sent: Martes, 09 de Enero de 2001 13:09
> > >> To: Orion-Interest
> > >> Subject: Urgent: Orion/SSL with Thawte-Cert
> > >>
> > >>
> > >> Hello,
> > >>
> > >> after a long time i've got now the real Cert from Thawte.
> > >>
> > >> but now I get following error when orion comes up:
> > >>
> > >> Error starting HTTP-Server: Unable to intialize SSLServerSocketFactory
> > >> 'com.evermind.ssl.JSSESSLServerSocketFactory': Unrecoverable key error:
> > >> Cannot recover key
> > >>
> > [...]
> >
> >
> > --
> > Klaus Thiele - Personal & Informatik AG
> > mailto:[EMAIL PROTECTED]
> >
> > "There's got to be more to life than compile-and-go."
> >
> >
>
>
>
> ____________________________________________________________________
> Get free email and a permanent address at http://www.netaddress.com/?N=1
>
