illegal Key Size exception when u do SSL authentication

By W.ZH Mar 2010

Issue:  When you try to do  a SSL authentication to an http site by user name and password. You get this in your weblogic server log:

java.security.InvalidKeyException:illegal Key Size

Reason: For security reason, default JVM product such as weblogic use it too, has the key size limitation to meet the US export law. So you get this error.

Solution:  Sun has a  Unlimited Strength Java(TM) Cryptography Extension Policy Files for the Java(TM) Platform,  for defferent version J2SE. you need to go to sun web site to download it.
http://java.sun.com/javase/downloads/index.jsp  the last download in the page.

After download the jce_policy*.zip. you unzip to get two jar files: US_export_policy.jar  and local_policy.jar.. copy this file to your JRE’s lib/security folder to replace the old two files (Remember to back up them). For WLS,, norally it is in sth like: ****Middleware\jdk160**\jre\lib\security

Then , restart your weblogic server, try to access SSL auth website again. works!

If still can not solve the problem, you maybe try to change the WLS’s SSL configuration to see :

Open your weblogic console

Go to : servers -> configuration -> SSL -> Advanced -> Hostname verification

The value of this field should be “none” instead of “BEA hostname verifier”

Refer to

http://charithaka.blogspot.com/2008/08/how-to-avoid-javasecurityinvalidkeyexce.html

http://osdir.com/ml/java.grinder.devel/2006-11/msg00027.html

weblogic

Advertisements