users@glassfish.java.net

Re: IIOP and SSL

From: ZhangJiHui <zhangjh_at_cn.fujitsu.com>
Date: Tue, 15 Jan 2008 10:03:08 +0900

I think org.omg.CORBA.ORBInitialPort should be 3700.
It seems that GlassFish will switch to port 3820 when communicating.
If you set -Djavax.net.debug=all, you'll see the SSL information.

thanks,
henrry_china
----- Original Message -----
From: "Gerald Holl" <gerald_at_holl.co.at>
To: <users_at_glassfish.dev.java.net>
Sent: Tuesday, January 15, 2008 1:02 AM
Subject: Re: IIOP and SSL


> V B Kumar Jayanti wrote:
>> Gerald Holl wrote:
>>
>>> Hello,
>>>
>>> I'm trying to get SSL and IIOP working.
>>>
>>> I have a standalone client where I lookup a remote EJB stateless session
>>> bean.
>>> The lookup works fine if I don't use SSL. When I switch to SSL I get the
>>> following error:
>>>
>>> javax.naming.CommunicationException: Can't find SerialContextProvider
>>> [Root exception is org.omg.CORBA.COMM_FAILURE: vmcid: SUN minor code:
>>> 208 completed: Maybe]
>>> at com.sun.enterprise.naming.SerialContext.getProvider(SerialContext.java:165)
>>> at com.sun.enterprise.naming.SerialContext.lookup(SerialContext.java:398)
>>> at javax.naming.InitialContext.lookup(InitialContext.java:392)
>>> ...
>>>
>>> Here's the lookup code of the client:
>>> System.setProperty("javax.net.ssl.trustStore", "client.keystore");
>>> System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
>>> System.setProperty("javax.net.ssl.keyStore", "client.keystore");
>>> System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
>>> System.setProperty("org.omg.CORBA.ORBInitialHost", "localhost");
>>> System.setProperty("org.omg.CORBA.ORBInitialPort", "3820");
>>> InitialContext ctx = new InitialContext();
>>> server = (Server) ctx.lookup("Server");
>>>
>>> I added the server's public key to the client's keystore and vice versa.
>>>
>>> The appserv-rt.jar and javaee.jar are on the client's classpath.
>>>
>> Looks fine, not sure why you are seeing the failure. Can you
>> set -Djavax.net.debug=ssl,handshake and attach the logs. It may show the
>> real reason.
>
> Hi,
>
> I'm a little bit confused about the last four lines of the following log:
>
> debug=all:
>
> found key for : client
> chain [0] = [
> [
> Version: V3
> Subject: CN=Widok Client, OU=F&E, O=F&E Hagenberg, L=Hagenberg, ST=OOE, C=AT
> Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
> ...
> Issuer: CN=Widok Client, OU=F&E, O=F&E Hagenberg, L=Hagenberg, ST=OOE, C=AT
> SerialNumber: [ 46e0f94c]
>
> ]
> Algorithm: [SHA1withRSA]
> Signature:
> 0000: 4C 4F 73 A4 0B D4 BE B9 31 62 7B 4E 86 43 59 8B [...]
> ]
> ***
> adding as trusted cert:
> Subject: CN=widok.fh-ooe.at, OU=F&E, O=F&E Hagenberg, L=Hagenberg, ST=OOE, C=AT
> Issuer: CN=widok.fh-ooe.at, OU=F&E, O=F&E Hagenberg, L=Hagenberg, ST=OOE, C=AT
> Algorithm: RSA; Serial number: 0x46e0f6ed
> Valid from Fri Sep 07 08:59:57 CEST 2007 until Thu Jan 02 07:59:57 CET 2020
>
> adding as trusted cert:
> Subject: CN=Widok Client, OU=F&E, O=F&E Hagenberg, L=Hagenberg, ST=OOE, C=AT
> Issuer: CN=Widok Client, OU=F&E, O=F&E Hagenberg, L=Hagenberg, ST=OOE, C=AT
> Algorithm: RSA; Serial number: 0x46e0f94c
> Valid from Fri Sep 07 09:10:04 CEST 2007 until Thu Jan 02 08:10:04 CET 2020
>
> X509KeyManager passed to SSLContext.init(): need an X509ExtendedKeyManager for SSLEngine use
> trigger seeding of SecureRandom
> done seeding SecureRandom
>
>
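
The client in this thread points both javax.net.ssl.keyStore and javax.net.ssl.trustStore at one file, client.keystore. The following is an added example, not code from any poster in this thread: it lists what such a file contains so the entries and serial numbers can be compared with the "found key for" and "adding as trusted cert" lines in the javax.net.debug output. The class name KeystoreCheck is hypothetical; the default file name and password are the ones in the quoted client code.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical helper, not part of GlassFish or of the code posted in this thread.
public class KeystoreCheck {
    public static void main(String[] args) throws Exception {
        // Defaults are the file name and password from the quoted client code.
        String path = args.length > 0 ? args[0] : "client.keystore";
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();

        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password); // fails with IOException on a wrong password
        }

        int keyEntries = 0;
        int trustedEntries = 0;
        for (String alias : Collections.list(ks.aliases())) {
            boolean isKey = ks.isKeyEntry(alias);
            if (isKey) keyEntries++; else trustedEntries++;
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            X509Certificate cert = (X509Certificate) c;

            String validity = "valid until " + cert.getNotAfter();
            try {
                cert.checkValidity(); // expired or not-yet-valid certificates break the handshake
            } catch (CertificateException e) {
                validity = "NOT VALID NOW: " + e.getMessage();
            }
            boolean selfSigned = cert.getSubjectX500Principal().equals(cert.getIssuerX500Principal());
            System.out.printf("%s [%s]%n  subject: %s%n  serial: 0x%s, self-signed: %b, %s%n",
                    alias, isKey ? "private key entry" : "trusted certificate entry",
                    cert.getSubjectX500Principal().getName(),
                    cert.getSerialNumber().toString(16), selfSigned, validity);
        }
        // Mutual SSL needs both: a key entry to present and the peer's certificate to trust.
        if (keyEntries == 0) System.out.println("WARNING: no private key entry (no client certificate to present)");
        if (trustedEntries == 0) System.out.println("WARNING: no trusted certificate entry (peer certificate not imported)");
    }
}
```

Running the same check against the server's keystore and truststore shows whether the exchange of public keys described in the thread took effect on both sides.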