From owner-freebsd-java Thu Jan 7 09:23:23 1999 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA10480 for freebsd-java-outgoing; Thu, 7 Jan 1999 09:23:23 -0800 (PST) (envelope-from owner-freebsd-java@FreeBSD.ORG) Received: from gateway.reims.net (gateway.reims.net [194.75.234.2]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA10455; Thu, 7 Jan 1999 09:23:18 -0800 (PST) (envelope-from dave.roberts@saaconsultants.com) Received: by gateway.reims.net; id RAA13802; Thu, 7 Jan 1999 17:22:12 GMT Received: from smtpgate.saa-cons.co.uk(10.10.10.182) by gateway.reims.net via smap (3.2) id xma013790; Thu, 7 Jan 99 17:22:00 GMT Received: by smtpgate.saaconsultants.com (8.6.8.1/1.3-eef) id RAA16100; Thu, 7 Jan 1999 17:23:34 GMT Received: from haddock.saa-cons.co.uk(10.1.11.2) by amnesiac via smap (V1.3) id sma016096; Thu Jan 7 17:23:32 1999 Received: from localhost by haddock.saa-cons.co.uk (AIX 3.2/UCB 5.64/5.00) id AA15917; Thu, 7 Jan 1999 17:22:13 GMT Date: Thu, 7 Jan 1999 17:22:13 +0000 (GMT) From: Dave Roberts To: freebsd-questions@FreeBSD.ORG Cc: freebsd-java@FreeBSD.ORG Subject: Security Exception on java40.jar (Communicator 4.06 on 2.2.1) Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-java@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I was going to send this out as a cry for help.... but you know how it goes, you explain things to someone, you think a bit more, you do some investigation, and just after you press the 'send' key, you solve your own problem. This is one of those occasions, but I solved it before I sent it. :) I'm sending it now, so that it gets archived and may help someone else in the future. --- here's the bit I typed as I thought --- I've checked the archives and can't find anything relevant. I'm running Communicator 4.06 on FreeBSD 2.2.1-RELEASE. If I have Java enabled, and go to a page where there is an applet available, an error dialog pops up with the following message:- # Error: The server's certificate has an invalid signature. You will not be able to connect to this site securely. (-8182) # jar file: /usr/local/lib/netscape/java/classes/java40.jar # path: /usr/local/lib/netscape/java/classes/java40.jar After which it locks out Communicator completely, and I have to kill it off. This of course leads to a lock file being left, which brings to the next interesting part. If I remove the lock file and run Communicator again, I obviously get the same problem. If I leave the lock file in place, and proceed with running Communicator, the applet loads and runs without any problems. This leads me to believe that it has something to do with the certs or key db files, due to the "2nd" copy not being able to access these things. --- this is as far as I got -- Thinking about that last paragraph got me wondering if any of my certificates imported due to using S/MIME had messed up the settings. They hadn't. Cutting a long story short, and borrowing the 'secmodule.db' file from another user, I had found that within Generic Crypto Svcs of the Internal PKCS#11 Module of the Securoty dialog, I had disabled DES and MD2. Enabling these again got java working as much as it does "normally". Like I said, I hope this helps someone in the future. - Dave. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-java" in the body of the message