Cannot set up certs for trusted CAs Error When Using JDBC 11g And SQLNET.ALLOWED_LOGON_VERSION=10

(Doc ID 1315314.1)

Last updated on MARCH 08, 2017

Applies to:

JDBC - Version and later
Information in this document applies to any platform.


When using the property "SQLNET.ALLOWED_LOGON_VERSION=10" set in the file sqlnet.ora on the server side, and using a JDBC thin driver on the client side, the connection failed with ORA-28040: No matching authentication protocol.

To address this issue, <Patch:6779501> was downloaded and applied. This corrected the ORA-28040 error, but using the new ojdbc14.jar caused a “Cannot set up certs for trusted CAs” error.

The same issue also occurs when using an ojdbc6.jar file. However, there are no issues establishing a connection when SQLNET.ALLOWED_LOGON_VERSION=8 is used without any updated .jar files.

Error stack:

Exception in thread "main" java.lang.ExceptionInInitializerError
at java.lang.J9VMInternals.initialize(
at javax.crypto.Cipher.getInstance(Unknown Source)
at Source)
at Source)
at oracle.jdbc.driver.T4CTTIoauthenticate.doOAUTH(
at oracle.jdbc.driver.T4CConnection.logon(
at oracle.jdbc.driver.PhysicalConnection.<init>(
at oracle.jdbc.driver.T4CConnection.<init>(
at oracle.jdbc.driver.T4CDriverExtension.getConnection(
at oracle.jdbc.driver.OracleDriver.connect(
at oracle.jdbc.pool.OracleDataSource.getPhysicalConnection(
at oracle.jdbc.pool.OracleDataSource.getConnection(
at oracle.jdbc.pool.OracleDataSource.getConnection(
at JDBCInfo.main(
Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs
at javax.crypto.b.<clinit>(Unknown Source)
at java.lang.J9VMInternals.initializeImpl(Native Method)
at java.lang.J9VMInternals.initialize(
... 13 more
Caused by: java.lang.SecurityException: SHA1 digest error for default_local.policy
at java.util.jar.JarVerifier.processEntry(
at java.util.jar.JarVerifier.update(
at java.util.jar.JarVerifier$
at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(
at sun.nio.cs.StreamDecoder$CharsetSD.implRead(
at javax.crypto.CryptoPolicyParser.a(Unknown Source)
at javax.crypto.f.a(Unknown Source)
at javax.crypto.b.a(Unknown Source)
at javax.crypto.b.a(Unknown Source)
at javax.crypto.b.access$600(Unknown Source)
at javax.crypto.b$ Source)


Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms