Project

General

Profile

Can not initialize SSLContext for domain

Teddy Mogire
Added over 4 years ago

I have installed tigase-server-5.2.2-b3464.jar and whenever I try to connect with the created admin account, the exception below shows and the client is stuck at Connecting

@2014-11-02 22:01:45.873 [ConnectionOpenThread] SSLContextContainer.getSSLContext() SEVERE: Can not initialize SSLContext for domain: default, protocol: SSL

java.security.cert.CertificateException: Issuer class type invalid.

    at sun.security.x509.X509CertInfo.setIssuer(Unknown Source)

    at sun.security.x509.X509CertInfo.set(Unknown Source)

    at tigase.cert.CertificateUtil.createSelfSignedCertificate(CertificateUtil.java:189)

    at tigase.io.SSLContextContainer.getSSLContext(SSLContextContainer.java:336)

    at tigase.io.SSLContextContainer.getSSLContext(SSLContextContainer.java:272)

    at tigase.io.TLSUtil.getSSLContext(TLSUtil.java:121)

    at tigase.net.IOService.startSSL(IOService.java:396)

    at tigase.server.ConnectionManager$ConnectionListenerImpl.accept(ConnectionManager.java:1345)

    at tigase.net.ConnectionOpenThread.run(ConnectionOpenThread.java:224)

    at java.lang.Thread.run(Unknown Source)

@

Running on:

java version "1.8.0_20"

Java(TM) SE Runtime Environment (build 1.8.0_20-b26)

Java HotSpot(TM) 64-Bit Server VM (build 25.20-b23, mixed mode)

What should I do to fix this?

Thanks.


Replies (2)

Added by Andrzej Wójcik IoT 1 CloudTigaseTeam over 4 years ago

This issue is due to changes in X509 API in JDK8 and it was solved in #1956 but fix is applied only for Tigase XMPP Server 5.3.0-SNAPSHOT and newer.

This issue appears only if there is no valid SSL certificate for domain as in such case Tigase XMPP Server tries to generate self-signed certificate. To overcome this issue in Tigase XMPP Server 5.2.2 you will need to generate certificate for required domain manually (ie. generate self-signed certificate using OpenSSL) and then install it in Tigase XMPP Server as described in Creating and Loading the Server Certificate in pem Files

Added by Teddy Mogire over 4 years ago

Thanks a lot

    (1-2/2)