Servoy Forum

[awvservoy]

We're having a showstopper issue with our new wildcard certificate for our domain. For 3+ years we've used Comodo on annual renewals for our wildcard cert for use with Servoy and all was well.

We've elected to go with GoDaddy as the provider this year (less expensive main reason for changing).

However, following all of documented steps (our own as well as to online documentation here and elsewhere) to creating a brand-new keystore and installing the new certs fails- Servoy Server won't start and we get this error:

1 [main] ERROR com.servoy.j2db.util.Debug - Throwable
java.security.InvalidKeyException: No installed provider supports this key: (null)
at javax.crypto.Cipher.a(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at com.servoy.j2db.util.Settings.load(Settings.java:265)
at com.servoy.j2db.util.Settings.loadFromFile(Settings.java:191)
at com.servoy.j2db.server.ApplicationServer.main(ApplicationServer.java:59)
Exception in thread "main" java.io.IOException: No installed provider supports this key: (null)
at com.servoy.j2db.util.Settings.load(Settings.java:286)
at com.servoy.j2db.util.Settings.loadFromFile(Settings.java:191)
at com.servoy.j2db.server.ApplicationServer.main(ApplicationServer.java:59)

In this link- viewtopic.php?f=5&t=14332&p=83996&hilit=no+installed+provider+supports+this+key#p83996

Forum member "Guerry" had the same problem and Johan suggested to remove the encrypted passwords from 'servoy.properties' to allow the server to re-encrypt the passwords with the new keystore. We tried that without success- same problem occurs.


We worked with GoDaddy to rekey our cert in case something was wrong there- no luck.

guerry in his last post said the keystore being invalid was his problem. It seems possible that we're having the same issue here; unfortunately based on all documentation available I can't see what the problem could be.

On the server host we also imported the current GoDaddy root and intermediate certs to the Java keystore for the server.

A few facts:

Servoy 5.2.11 (upgrade direct to 7 happening in a few weeks)
Linux CentOS 5.5
JRE 1.6 Update 45 (yes I know it's old- these are for closed private systems and our update to Java 7 will coincide with the upgrade to Servoy 7)
Command used to generate the keystore and the csr:

/usr/java/default/bin/keytool -genkey -keyalg RSA -keysize 2048 -keystore myKeyStore.ks
/usr/java/default/bin/keytool -certreq -alias mykey -keyalg RSA -file myNewCert.csr -keystore myKeyStore.ks
/usr/java/default/bin/keytool -import -trustcacerts -alias root -file gd_bundle-g2-g1.crt -keystore myKeyStore.ks
/usr/java/default/bin/keytool -import -alias intermed -keystore myKeyStore.ks -trustcacerts -file gdig2.crt
/usr/java/default/bin/keytool -import -alias mykey -keystore myKeyStore.ks -trustcacerts -file myNewCert.crt

Code from my server.xml file which has been working and still works 100% fine when I use the current/original keystore:
<Connector
port="443"
maxThreads="150" connectionTimeout="60000"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="/usr/local/servoy/certs/myKeyStore.ks" keystorePass="xxxxxxxxxxxxx"
keyAlias="mykey" clientAuth="false" sslProtocol="TLS"/>


Last thought I had on this: the original cert is SHA1 while this new one is SHA2. Could that possibly be having an impact?

Hoping it's not something simple but at this point after many hours including 2+ on the phone with GoDaddy it's not obvious to me at least. Any thoughts or suggestions would be greatly appreciated!

-Tony

[awvservoy]

An update for reference purposes: we ended up renewing our Comodo SSL certificate to keep things working.

I suspect the difference here was that our GoDaddy certificate was SHA2 while our Comodo cert is SHA1- thinking that our Servoy 5 installation not playing well with the SHA2 cert.

[jcompagner]

this doesn't really have anything todo with the servoy version.
Its more the java version that needs to support this.

[awvservoy]

jcompagner » Thu Oct 23, 2014 4:06 am
this doesn't really have anything todo with the servoy version.
Its more the java version that needs to support this.

Thanks Johan.