My Oracle Support Banner

Cannot set up certs for trusted CAs Error When Using JDBC 11g And SQLNET.ALLOWED_LOGON_VERSION=10 (Doc ID 1315314.1)

Last updated on SEPTEMBER 14, 2018

Applies to:

JDBC - Version 10.2.0.4 and later
Information in this document applies to any platform.

Symptoms


When using the property "SQLNET.ALLOWED_LOGON_VERSION=10" set in the file sqlnet.ora on the server side, and using a JDBC thin driver on the client side, the connection failed with ORA-28040: No matching authentication protocol.

To address this issue, <Patch:6779501> was downloaded and applied. This corrected the ORA-28040 error, but using the new ojdbc14.jar caused a “Cannot set up certs for trusted CAs” error.

The same issue also occurs when using an ojdbc6.jar file. However, there are no issues establishing a connection when SQLNET.ALLOWED_LOGON_VERSION=8 is used without any updated .jar files.

Error stack:


Exception in thread "main" java.lang.ExceptionInInitializerError
at java.lang.J9VMInternals.initialize(J9VMInternals.java:222)
at javax.crypto.Cipher.getInstance(Unknown Source)
at oracle.security.o5logon.O5LoginClientHelper.decryptAES(Unknown Source)
at oracle.security.o5logon.O5LoginClientHelper.generateOAuthResponse(Unknown Source)
at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:655)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:366)
at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:536)
at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:228)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:521)
at oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:280)
at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:207)
at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:157)
at JDBCInfo.main(JDBCInfo.java:59)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
at javax.crypto.b.<clinit>(Unknown Source)
at java.lang.J9VMInternals.initializeImpl(Native Method)
at java.lang.J9VMInternals.initialize(J9VMInternals.java:200)
... 13 more
Caused by: java.lang.SecurityException: SHA1 digest error for default_local.policy
at sun.security.util.ManifestEntryVerifier.verify(ManifestEntryVerifier.java:220)
at java.util.jar.JarVerifier.processEntry(JarVerifier.java:211)
at java.util.jar.JarVerifier.update(JarVerifier.java:198)
at java.util.jar.JarVerifier$VerifierStream.read(JarVerifier.java:421)
at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:452)
at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:494)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:222)
at java.io.InputStreamReader.read(InputStreamReader.java:177)
at java.io.BufferedReader.fill(BufferedReader.java:148)
at java.io.BufferedReader.read(BufferedReader.java:169)
at java.io.StreamTokenizer.read(StreamTokenizer.java:495)
at java.io.StreamTokenizer.nextToken(StreamTokenizer.java:539)
at javax.crypto.CryptoPolicyParser.a(Unknown Source)
at javax.crypto.f.a(Unknown Source)
at javax.crypto.b.a(Unknown Source)
at javax.crypto.b.a(Unknown Source)
at javax.crypto.b.access$600(Unknown Source)
at javax.crypto.b$0.run(Unknown Source)
at java.security.AccessController.doPrivileged(AccessController.java:251

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


This document is being delivered to you via Oracle Support's Rapid Visibility (RaV) process and therefore has not been subject to an independent technical review.
My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.