Re: problem with SSL connection java.security.NoSuchAlgorithmException: Error constructing implementation

[Ivano Luberti <lu...@archicoop.it.INVALID>]

Hi all.

Finally found out the issue.

And had nothing to do with tomcat.

There are two web applications under this particular instance of tomcat

Both of them contain an http client that issues https connections.

Application A  sets explicitly the certificate store type to PKCS

Application B does not, so is expecting JKS.

The JDK instance has a JKS certificate store.

Launching application A causes an exception when it tries to connect via 
HTTPS

Application B then fails because finds in SystemProperty that the 
certificate store is PKCS but actually it is JKS.

I'm writing this to underline that as predictable it was not a problem 
with tomcat

Thanks to everyone spent time into this, especially Chris


Il 27/06/2023 16:35, Christopher Schultz ha scritto:
> Ivano,
>
> On 6/27/23 09:15, Ivano Luberti wrote:
>> We had another Linux server that should have been identical to the 
>> one where the problem was occuring. Tested the same software on that 
>> without the issue.
>>
>> So we cloned the latter and replaced the former.
> >
>> Now everything works as expected.
>
> Hah.
>
>> Before the replacement we tried to find out any difference between 
>> the two servers, especially with regard to JDK and Tomcat 
>> installations but to no avail: they looked identical file by file, 
>> not only by version. I had supposed the cacert file was corrupted but 
>> it was identical to the one on the working machine.
>>
>> Having found a practical solution we have decided to give up 
>> investigating.
>>
>> Thank you again to you and the other that paid attention to my issue.
>
> Of course.
>
> Someone recently posted a similar issue that has no explanation which 
> magically went-away after (essentially) re-building the server. There 
> was nothing specific that could be pointed-to as a likely source of 
> the problem, but now it's just /gone/.
>
> It's not entirely satisfying from a "what if it happens again" 
> perspective, but "you can't argue with results."
>
> -chris
>
>> Il 26/06/2023 18:50, Christopher Schultz ha scritto:
>>> Ivano,
>>>
>>> On 6/8/23 06:10, Ivano Luberti wrote:
>>>> Hi, all I have the following problem.
>>>
>>> [snip]
>>>
>>> My guess is that looking at the code in this general area would be 
>>> helpful. If you are able to add debug logging in there to spoit-out 
>>> some of the crypto configuration being used, I'm sure it would help:
>>>
>>>>> it.sella.ecomm.WSCryptDecryptStub,encrypt,197
>>>>> it.archicoop.met.sistemapagamento.bancasella.wscryptdecryptclient.WSClient,encrypt,61 
>>>>>
>>>>> it.archimede.met.backoffice.pagamento.GestionePagamento,encrypt,75
>>>>> it.archimede.met.turisti.servlet.NuovoOrdineAcquista,encrypt,379
>>>
>>> Sorry, I don't think anybody here will be able to help much further 
>>> without a lot more information.
>>>
>>> -chris
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
>>> For additional commands, e-mail: users-help@tomcat.apache.org
>>>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
>
-- 

Archimede Informatica tratta i dati personali in conformità a quanto
stabilito dal Regolamento UE n. 2016/679 (GDPR) e dal D. Lgs. 30 giugno 
2003 n. 196
per come modificato dal D.Lgs. 10 agosto 2018 n. 101.
Informativa completa 
<http://www.archicoop.it/fileadmin/pdf/InformativaTrattamentoDatiPersonali.pdf>

dott. Ivano Mario Luberti

Archimede Informatica società cooperativa a r. l.
Via Gereschi 36, 56127 Pisa

tel.: +39 050/580959 | fax: +39 050/8932061

web: www.archicoop.it
linkedin: www.linkedin.com/in/ivanoluberti
facebook: www.facebook.com/archimedeinformaticapisa/