hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Wild <tim.w...@solnetsolutions.co.nz>
Subject Re: Invalid RSA modulus size
Date Tue, 13 Jul 2004 22:40:02 GMT
Oleg,

You wouldn't happen to know if this is a bug that's been reported on the 
bug parade would you? I've looked through the bug parade and the JDK1.5 
release notes with no luck. It'd be very helpful to be able to quote a 
bug number to my project manager about why we can't use certificates 
from a particular vendor.

Thanks

Tim

Oleg Kalnichevski wrote:

>Tim,
>
>This is believed to be a limitation of all Sun's JCE/JSSE
>implementations up to Java version 1.5. You can try testing your
>application with Java 1.5-b2 to see if the problem has indeed been
>fixed. Alternatively consider using IBM Java 1.4 or 3rd party JCE/JSSE
>implementations which _may_ not exhibit the same limitation
>
>HTH
>
>Oleg
>
>On Sat, 2004-06-12 at 05:36, Tim Wild wrote:
>  
>
>>Hi,
>>
>>I'm using HttpClient to connect to an apache server that requires 
>>certificates. When I use client and server certificates from my own CA 
>>with 1024 bit keys it works perfectly. When I get a commercial 
>>certificate with a longer key (4096 bits), I get the following error 
>>(full message below) when I connect to apache:
>>
>>javax.net.ssl.SSLProtocolException: java.io.IOException: subject key, 
>>Unknown key spec: Invalid RSA modulus size.
>>
>>Google produced one result, which talked about a maximum key size using 
>>the JCE of 2048 bits using the JDK 1.4.2 default policy files. Another 
>>site suggested getting the unrestricted policy files, so I got and 
>>installed them, but it doesn't seem to make any difference at all.
>>
>>Does anyone have any thought or suggestions? Half formed thoughs or 
>>ideas are welcome as it might give me a lead that I can follow myself.
>>
>>Thanks
>>
>>Tim Wild
>>
>>---------------------------------------------------------------------
>>To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
>>For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
>>
>>    
>>
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org
>
>  
>

---------------------------------------------------------------------
To unsubscribe, e-mail: commons-httpclient-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: commons-httpclient-dev-help@jakarta.apache.org


Mime
View raw message