Introduction
After countless hours, you finally finished a secure java server ready for deployment.
If you installed clean copy of Ubuntu 12.04 server or updated it, you may face following error during run time.
javax.net.ssl.SSLException: java.security.ProviderException:
sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALIDProblem
This is known bug with OpenJDK that has not been resolved yet.
Solution
This can be fixed by editing following file:
/etc/java-6-openjdk/security/java.securityFind following line:
security.provider.9=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg
And change to following lines:
security.provider.9=sun.security.ec.SunECsecurity.provider.10=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg
Now your server will not crash!! or you have another fun problem with deal with!
4 comments:
Fucking thank you!
That really pointed me to the right direction :)
But I had to disable the sun.security.pkcs11.SunPKCS11 provider completely to make it work again.
Thanks! The full bug report is here: https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/1006776
YES! Finally back up and running making external ssl connections again. Thank you for this bit of voodoo.
Hey, I tried the fix but the problems stil occurs randomly, any idea ?
Post a Comment