We have an application1 that is working with openssl and have a pkey and cert file (RSA) that clients are able to connect (handshake complete).
We have another application2 that does not use openssl but Java keytool and jks file. Client are not able to connect to this application (negotiation fails). We thought that the reason has to do with the fact that clients need to negotiate with application1's pkey and cert, so we added them to the jks file (using the procedure here http://blog.jgc.org/2011/06/importing-existing-ssl-keycertificate.html). - maybe we should have split it to two entries - one in the trust file and one in the keystore file. Now application2 (uses Grizzly framework) fails to initiate and have the following exception: java.lang.IllegalStateException: KeyManagerFactoryImpl is not initialized. We are using jdk1.7.
Can anyone help? Thanks a lot
答案 0 :(得分:0)
我在Java 7上遇到了与Grizzly相同的错误。
我使用SSLContextConfigurator设置我的SSL配置:
SSLContextConfigurator sslContext= new SSLContextConfigurator();
您可以指定多个属性,其中一个是密钥管理器工厂算法。现在,如果你没有指定它,则选择默认值,在我的情况下SunX509。这个实现在我的类路径中可用,但是我得到了这个例外。
我的想法:指定替代方案!
sslContext.setKeyManagerFactoryAlgorithm("X509");
X509。
我尝试明确设置SunX509或KeyManagerFactory.getDefaultAlgorithm()并禁止这样做,因此我认为这是正确的解决方案。
实际上,在某种程度上。通过此更改,错误消失,但我的SSL设置仍然无法正常工作,因为无关的问题,特别是密钥库和证书密码未正确设置。
修复这些密码问题后,我的设置再次起作用,无需指定特定的替代管理器,默认为OK。
所以结束:如果您的SSL配置一切正常,那么您不需要覆盖默认的KeyManagerFactoryAlgorithm。