Cannot set up certs for trusted CAs Error When Using JDBC 11g And SQLNET.ALLOWED_LOGON_VERSION=10 (Doc ID 1315314.1)

Last updated on MARCH 08, 2017

Applies to:

JDBC - Version 10.2.0.4 and later
Information in this document applies to any platform.

Symptoms


When using the property "SQLNET.ALLOWED_LOGON_VERSION=10" set in the file sqlnet.ora on the server side, and using a JDBC thin driver on the client side, the connection failed with ORA-28040: No matching authentication protocol.

To address this issue, <Patch:6779501> was downloaded and applied. This corrected the ORA-28040 error, but using the new ojdbc14.jar caused a “Cannot set up certs for trusted CAs” error.

The same issue also occurs when using an ojdbc6.jar file. However, there are no issues establishing a connection when SQLNET.ALLOWED_LOGON_VERSION=8 is used without any updated .jar files.

Error stack:


Exception in thread "main" java.lang.ExceptionInInitializerError
at java.lang.J9VMInternals.initialize(J9VMInternals.java:222)
at javax.crypto.Cipher.getInstance(Unknown Source)
at oracle.security.o5logon.O5LoginClientHelper.decryptAES(Unknown Source)
at oracle.security.o5logon.O5LoginClientHelper.generateOAuthResponse(Unknown Source)
at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(T4CTTIoauthenticate.java:655)
at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:366)
at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:536)
at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:228)
at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:521)
at oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(OracleDataSource.java:280)
at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:207)
at oracle.jdbc.pool.OracleDataSource.getConnection(OracleDataSource.java:157)
at JDBCInfo.main(JDBCInfo.java:59)
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
at javax.crypto.b.<clinit>(Unknown Source)
at java.lang.J9VMInternals.initializeImpl(Native Method)
at java.lang.J9VMInternals.initialize(J9VMInternals.java:200)
... 13 more
Caused by: java.lang.SecurityException: SHA1 digest error for default_local.policy
at sun.security.util.ManifestEntryVerifier.verify(ManifestEntryVerifier.java:220)
at java.util.jar.JarVerifier.processEntry(JarVerifier.java:211)
at java.util.jar.JarVerifier.update(JarVerifier.java:198)
at java.util.jar.JarVerifier$VerifierStream.read(JarVerifier.java:421)
at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:452)
at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:494)
at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:222)
at java.io.InputStreamReader.read(InputStreamReader.java:177)
at java.io.BufferedReader.fill(BufferedReader.java:148)
at java.io.BufferedReader.read(BufferedReader.java:169)
at java.io.StreamTokenizer.read(StreamTokenizer.java:495)
at java.io.StreamTokenizer.nextToken(StreamTokenizer.java:539)
at javax.crypto.CryptoPolicyParser.a(Unknown Source)
at javax.crypto.f.a(Unknown Source)
at javax.crypto.b.a(Unknown Source)
at javax.crypto.b.a(Unknown Source)
at javax.crypto.b.access$600(Unknown Source)
at javax.crypto.b$0.run(Unknown Source)
at java.security.AccessController.doPrivileged(AccessController.java:251

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms