Thursday, November 8, 2012

Addressing OpenJDK bug with SSL on Ubuntu 12.04 Server (


After countless hours, you finally finished a secure java server ready for deployment.
If you installed clean copy of Ubuntu 12.04 server or updated it, you may face following error during run time. CKR_DOMAIN_PARAMS_INVALID


This is known bug with OpenJDK that has not been resolved yet.


This can be fixed by editing following file:


Find following line: ${java.home}/lib/security/nss.cfg

And change to following lines: ${java.home}/lib/security/nss.cfg

Now your server will not crash!! or you have another fun problem with deal with!


Marc Knaup said...

Fucking thank you!
That really pointed me to the right direction :)

But I had to disable the provider completely to make it work again.

Eric Jain said...

Thanks! The full bug report is here:

Unknown said...

YES! Finally back up and running making external ssl connections again. Thank you for this bit of voodoo.

Jocelyn Demoy said...

Hey, I tried the fix but the problems stil occurs randomly, any idea ?