A client has three Encanto Java internet appliances.  We are trying to
import a new SSL certificate from Thawte on one and Verisign on the
other.  In both instances we are receiving:

java.lang.SecurityException: Unsupported CA,
OID.1.2.840.113549.1.9.1=server-certs@thawte.com, CN=Thawte Server CA,
OU=Certification Services Division, O=Thawte Consulting cc, L=Cape
Town, S=Western Cape, C=ZA

I thought I had copied over the new certificates.  My question is how
do I properly import the latest CA Root Certs into this java server.

Dear Smileheim,

Finding an answer to this question was really difficult. Both Versign
and Thawte websites don't have any documentation on the server and
Encanto's official websites don't exist anymore.

Encanto uses Java Web Server in the Internet Server Appliance as per:
http://www.sun.com/smi/Press/sunflash/1997-12/sunflash.971203.2.html

With this background, one just needs to follow installation
instructions for the certificate at Sun's Java Web Server's site:
http://wwws.sun.com/software/jwebserver/faq/faq.html

If you still get the error, it might be due to:
Problem: I get the following exception, when I try to install a
certificate: "java.lang.SecurityException: unsupported CA"
Answer: You have to install the Root certificate from the CA who
signed you certificate, before you can install your certificate.
http://www.e-beans.com/package/ebeans/external/doc/jadk-2.3/guide/faq.html

Search methodology:
://www.google.com/search?sourceid=navclient&q=%22java+web+server%22+%22install+certificate%22

Hope that helps!

---

Request for Answer Clarification by smilheim-ga on 05 May 2004 09:26 PDT

I am trying to update the Root CA on the server.  I am getting the
Unsupported CA error because the current root ca certificates
installed on the encanto have been revoked by Verisign and Thawte.

I have already looked at all of those links posted and none have helped.

---

Clarification of Answer by kapilr-ga on 06 May 2004 00:37 PDT

Dear Smileheim,

There are five main steps in the process:
- Create a self-signed certificate
- Submit a Certificate Signing Request (CSR)
- Save the copy of the root certificate on disk
- Import the root certificate
- Restart the webserver

Please see: http://wwws.sun.com/software/jwebserver/faq/faq.html#f2 

Just start once all over again and try it. 

Please write back if you still need any clarifications.

---

Request for Answer Clarification by smilheim-ga on 07 May 2004 09:23 PDT

Again you are talking about a client certificate.  I am speaking of
the CA Root Certificate that needs to be updated in the java server. 
Verisign and Thawte's cert that is currently on the server expired
January of 2004.  This is what I need to update.

From all that I have been reading I am thinking this is impossible
without the source code of the product.

---

Clarification of Answer by kapilr-ga on 10 May 2004 00:04 PDT

Dear Smilheim,

Creating and Managing Server Certificates section of Java Web Server
documentation describes the procedure of importing the root
certificate, which is almost same as importing a regular certificate:
Start AuthStore if it is not already started. 
Click Import CA. 
Provide the location of the root CA certificate and an alias. 
Click OK. 

Please see:
http://www.depi.itch.edu.mx/doc/en/administration/authstore_procs.html

This post on Java Web Server mailing list addresses a problem similar to yours:
authstore writes out 2 files:
1. 'keys' file.
It contains your public/priv keys and your imported (via "Import"
button in authstore) certificate.
This file is located at <JWS install root>/keys.

2. 'CAstore' file.
This file contains all your imported (via "Import CA" button in
authstore) root certificates.
This file is stored in the home directory of whoever ran authstore
and did the "Import CA".

To get back to a 'clean slate' all you need to do is move the above files
out of the way.

Just a heads up (you probably already know this) -
---------------------------------------------------------------------------
 An important thing to note here is that when you generate a *real* cert
 request (CSR), the corresponding keys file in the JWS install should be backed
 up. Deleting them will prevent you from running SSL with your purchased
 certificate since your priv/pub key (stored in 'keys' file) is lost.
---------------------------------------------------------------------------

http://archives.java.sun.com/cgi-bin/wa?A2=ind9903&L=jserv-interest&F=&S=&P=10495


About the source code, Sun has no current plans to open source Java
Web Server as per:
http://wwws.sun.com/software/jwebserver/transition/

Encanto does not seem to be in business any longer as well. 

Hope that helps!

---

Request for Answer Clarification by smilheim-ga on 11 May 2004 08:49 PDT

I can't follow these directions.  This is using Sun's Java interface
which is not on the encanto appliance.  Encanto hacked it up quite
badly.  They have their own  proprietary interface which is what I
need the source code to.  Not Sun's java server.  The only way I could
do this is by command line.  Unfortunately those links didn't help
either.

---

Clarification of Answer by kapilr-ga on 12 May 2004 08:02 PDT

Dear Smileheim,

Can I request you to suggest me which model of Encanto you are using?
Some of the previous models used native Java Web Server of Sun and
some others would have a modified version. After your information, I
can search and suggest accordingly.

After repeated clarifications the answer given unfortunately didn't help me at all.