Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

Does Java 7 or Java 8 (keytool) support SHA-2 certificates with RSASSA-PSS as Signature algorithm?

user8946808Mar 1 2016 — edited Mar 1 2016

I am trying to import some certificates via the keytool in JRE 7 Update 80 or JRE 8 Update 66. The certificates are SHA256 ones with RSASSA-PSS as signature algorithm.

I have applied relevant JCE files to the JREs.

I have the instructions in the following links 


But the keytool commands (to install the web server certificate) failed with

  • keytool error: java.lang.Exception: Incomplete certificate chain in reply
  • keytool error: java.lang.Exception: Failed to establish chain from reply

I can use same keytool commands to import certificates if SHA256RSA as signature algorithm.

Microsoft Premier support says that the problem could be whether or not the Java 7 or Java 8 are compatible with RSASSA-PSS as signature algorithm.

Can anyone confirm this?

Thanks in advance.

Comments

Gyanprakash Pandey
Refer doc below:
http://docs.oracle.com/cd/E21764_01/doc.1111/e15478/webgate.htm#BABHCBGG

regards,
GP
user13714831
Hi - Did you get answer to your question? if yes - could you pls share?

Even we are using Apache 2.2.x and OAM 11.1.1.5. I wanted to know if OAM 11g Webgate is available/supported for Apache 2.2.x? As per OAM 11g webgate certification matrix it supports "Oracle HTTP Server 11gR1 (11.1.1.2+) based on Apache 2.2.x" but not sure if Apache 2.2 is certified and supported by 11g agents?
User_BR1OQ
Hi,

As of now Webgate 11g is not supported with Apache 2.2 or any other Apache version. There is a big architecture difference in OHS11g and Apache 2.2, even though OHS11g is based on Apache2.2.

If you need a webgate for Apache2.2 then you should be using 10g webgates.

~Yagnesh
1 - 3
Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Mar 29 2016
Added on Mar 1 2016
#cryptography
0 comments
3,488 views